Eric Pretorious wrote:

> On Thursday 14 October 2004 08:15 pm, Dan Margolis wrote:
>
>>Following on your previous e-mail to the documentation editors, I would
>>appreciate it if you'd file a bug at
>>http://bugs.gentoo.org/enter_bug.cgi?product=Docs-user&format=guided.
>
>
> Done: http://bugs.gentoo.org/show_bug.cgi?id=67701
>
>
>>As for this being widely known, it is not something I ever considered,
>>but it also is not, in and of itself, an exploit.
>
>
> True - It's not an exploit - But it's definitely a well-known weakness.
>
This isn't a weakness at all, presumably the attacker had root and could have
put these files anywhere, he just chose /dev/shm.

I can't imagine why he'd choose that as the rootkit would go away on reboot but
*shrug*
>
>>Presumably the attacker first used some other vulnerability to gain access to
>>your server.
>
>
> A valid user was able to install/execute a root-kit from /dev/shm.
>
>
>>Further, if I were to set up a server where I did not want to allow
>>users to execute anything but my own chosen binaries, I would probably
>>use GRSecurity's Trusted Path Execution, which allows a whitelist
>>approach (i.e. allow only root owned binaries in /bin or /usr/local/bin)
>>rather than trying to make sure our partitions are all mounted correctly.
>
>
trusted path is a broken concept.

> Had I known how easily Linux's security could be circumvented, I surely would
> have invested more time hardening the system. :(
>
:) Linux's security system is hardly a security system at all.
>
>>That said, this is certainly a lapse in the Security Guide, and if you
>>file a bug I am sure it will be corrected shortly (if by nobody else,
>>then, soon as I have the time, I will write an update).
>
>
Don't think so.

I'm not sure if it's been mentioned but adding noexec wouldn't prevent this
since you can always run ELF binaries through ld.so without directly executing
them and noexec doesn't prevent this. Further, as I already said, if he already
had root he could have put it anywhere he wanted, or even remounted /dev/shm
without noexec. There are no security gains here.

Joshua

--
gentoo-hardened@g.o mailing list