[Gllug] Limiting SSH access
Richard W.M. Jones
rich at annexia.org
Mon Apr 7 08:43:21 UTC 2003
On Sun, Apr 06, 2003 at 11:16:09PM +0100, Nix wrote:
> On Thu, 3 Apr 2003, Richard W. M. Jones spake:
> > On the project I mentioned in the earlier email we mounted /home
> > with the 'noexec' flag so users couldn't execute anything from it!
>
> This is useless as long as the user can get at the glibc dynamic loader
> (which very likely he can):
>
> ,----
> | nix at hades ~ % ./foo
> | zsh: ./foo: Permission denied
> | nix at hades ~ % /lib/ld-linux.so.2 ./foo
> | Hello world
> `----
Ouch :-)
That looks like another ELF bug worthy of bugtraq.
Rich.
--
Richard Jones, Red Hat Inc. (London office, UK) http://www.redhat.com/
http://www.annexia.org/ Freshmeat projects: http://freshmeat.net/users/rwmj
C2LIB is a library of basic Perl/STL-like types for C. Vectors, hashes,
trees, string funcs, pool allocator: http://www.annexia.org/freeware/c2lib/
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list