1 |
On Thursday 14 October 2004 08:15 pm, Dan Margolis wrote: |
2 |
>Following on your previous e-mail to the documentation editors, I would |
3 |
>appreciate it if you'd file a bug at |
4 |
>http://bugs.gentoo.org/enter_bug.cgi?product=Docs-user&format=guided. |
5 |
|
6 |
Done: http://bugs.gentoo.org/show_bug.cgi?id=67701 |
7 |
|
8 |
>As for this being widely known, it is not something I ever considered, |
9 |
>but it also is not, in and of itself, an exploit. |
10 |
|
11 |
True - It's not an exploit - But it's definitely a well-known weakness. |
12 |
|
13 |
>Presumably the attacker first used some other vulnerability to gain access to |
14 |
>your server. |
15 |
|
16 |
A valid user was able to install/execute a root-kit from /dev/shm. |
17 |
|
18 |
>Further, if I were to set up a server where I did not want to allow |
19 |
>users to execute anything but my own chosen binaries, I would probably |
20 |
>use GRSecurity's Trusted Path Execution, which allows a whitelist |
21 |
>approach (i.e. allow only root owned binaries in /bin or /usr/local/bin) |
22 |
>rather than trying to make sure our partitions are all mounted correctly. |
23 |
|
24 |
Had I known how easily Linux's security could be circumvented, I surely would |
25 |
have invested more time hardening the system. :( |
26 |
|
27 |
>That said, this is certainly a lapse in the Security Guide, and if you |
28 |
>file a bug I am sure it will be corrected shortly (if by nobody else, |
29 |
>than, soon as I have the time, I will write an update). |
30 |
|
31 |
Thanks, Dan! |
32 |
|
33 |
-- |
34 |
Eric P. |
35 |
|
36 |
-- |
37 |
gentoo-hardened@g.o mailing list |