Linux-Bulgaria.ORG

Re: [Lug-bg] break-in through Apache and PHP :(


  • Subject: Re: [Lug-bg] break-in through Apache and PHP :(
  • From: Georgi Alexandrov <georgi.alexandrov@xxxxxxxxx>
  • Date: Thu, 12 Jul 2007 11:39:02 +0300

Iassen Anadoliev wrote:
<snip>
> A bit off-topic, but nosuid,noexec is somewhat of a false sense of security:
> test:~# dd if=/dev/zero of=fs bs=1k count=100
> 100+0 records in
> 100+0 records out
> 102400 bytes (102 kB) copied, 0.000681537 seconds, 150 MB/s
> test:~# losetup -f fs
> test:~# mkfs.ext3 /dev/loop0
> mke2fs 1.40-WIP (14-Nov-2006)
> Filesystem label=
> OS type: Linux
> <snip>
> </snip>
> test:~#
> test:~# mount -o loop,nosuid,noexec fs mnt
> test:~# mount|grep mnt
> /root/fs on /root/mnt type ext2 (rw,noexec,nosuid,loop=/dev/loop1)
> test:~#
> test:~/mnt# cat << EOF > test
>> #!/bin/bash
>> echo test
>> EOF
> test:~/mnt#
> test:~/mnt# chmod 0755 test
> test:~/mnt# ./test
> -su: ./test: /bin/bash: bad interpreter: Permission denied
> test:~/mnt# /bin/bash test
> test
> test:~/mnt#
> 
> Try safe_mode :)
> 

It is not a false sense of security. The noexec option does exactly what it
is supposed to do. From man 8 mount:

"noexec Do  not  allow direct execution of any *binaries* on the mounted
file system.  (Until recently it was possible to run binaries anyway
using a command like /lib/ld*.so /mnt/binary. This trick fails since
Linux 2.4.25 / 2.6.0.)"

This has been discussed here before; have a look at the list archive.

-- 
regards,
Georgi Alexandrov

key server - pgp.mit.edu :: key id - 0x37B4B3EE
Key fingerprint = E429 BF93 FA67 44E9 B7D4  F89E F990 01C1 37B4 B3EE


_______________________________________________
Lug-bg mailing list
Lug-bg@xxxxxxxxxxxxxxxxxx
http://linux-bulgaria.org/mailman/listinfo/lug-bg
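A defender's check prompted by the exchange above, as an added example that is not part of the original mail: a small Python audit that resolves which mount holds a given path (longest-prefix match, so /root/mnt wins over /) and reports which of noexec, nosuid and nodev that mount lacks. The /proc/mounts sample is constructed; only its second line mirrors the loop mount from the quoted session.

```python
from dataclasses import dataclass

# Constructed sample in /proc/mounts format (hypothetical, not from the thread);
# the second line mirrors the loop mount from the quoted session.
SAMPLE_PROC_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop1 /root/mnt ext2 rw,nosuid,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

HARDENING = ("noexec", "nosuid", "nodev")


@dataclass(frozen=True)
class Mount:
    device: str
    mountpoint: str
    fstype: str
    options: frozenset


def parse_proc_mounts(text):
    """Parse /proc/mounts-style lines; \\040 in a mountpoint decodes to a space."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        device, mountpoint, fstype, opts = fields[:4]
        mountpoint = mountpoint.replace("\\040", " ")
        mounts.append(Mount(device, mountpoint, fstype, frozenset(opts.split(","))))
    return mounts


def mount_for_path(path, mounts):
    """Return the mount whose mountpoint is the longest prefix of path."""
    best = None
    for m in mounts:
        prefix = m.mountpoint.rstrip("/") + "/"
        if path == m.mountpoint or path.startswith(prefix):
            if best is None or len(m.mountpoint) > len(best.mountpoint):
                best = m
    return best


def audit_path(path, mounts):
    """Report which hardening options the mount holding path lacks (noexec only
    governs direct execve(); as the thread shows, /bin/bash file still runs)."""
    m = mount_for_path(path, mounts)
    missing = [o for o in HARDENING if o not in m.options]
    return {"mountpoint": m.mountpoint, "missing": missing}
```

On a live system, pass the contents of /proc/mounts to parse_proc_mounts() and audit the directories a web server can write to, such as its upload and temp paths.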