[CentOS] Hardening CentOS by removing "hacker" tools

Ralph Angenendt ra+centos at br-online.de
Sat Jun 7 13:11:49 UTC 2008


Erek Dyskant wrote:
> 
> > Not if /home and /tmp and /var/tmp are mounted with noexec,nodev,nosuid,...
> 
> Actually, wrong.
> 
>  /lib/ld-2.5.so ~/bin/wget 

Actually, wrong:

[angenenr at shutdown ~]$bin/true ; echo $?
0
[angenenr at shutdown ~]$/lib64/ld-2.5.so bin/true; echo $?
0
[angenenr at shutdown ~]$sudo mount -o remount,noexec /home
[angenenr at shutdown ~]$bin/true ; echo $?
-bash: bin/true: Permission denied
126
[angenenr at shutdown ~]$/lib64/ld-2.5.so bin/true; echo $?
bin/true: error while loading shared libraries: bin/true: failed to map
segment from shared object: Operation not permitted
127
[angenenr at shutdown ~]$

Ralph
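
A check for the mount options this thread discusses, as an added example that is not part of the original post: it reads a /proc/mounts-format table and reports which of noexec, nodev and nosuid are missing for /home, /tmp and /var/tmp, falling back to the parent filesystem when a path is not its own mount point. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Options and paths named in the thread.
REQUIRED="noexec nodev nosuid"
PATHS="/home /tmp /var/tmp"

# missing_opts PATH: reads a /proc/mounts-format table on stdin and prints the
# required options missing on the filesystem that holds PATH (empty = all set).
missing_opts() {
    awk -v path="$1" -v req="$REQUIRED" '
        {
            mp = $2
            # A mount covers PATH if it is PATH itself, "/", or a parent directory.
            covers = (mp == path || mp == "/" || index(path, mp "/") == 1)
            # Longest mount point wins; on a tie the later (topmost) mount wins.
            if (covers && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END {
            n = split(req, want, " ")
            for (i = 1; i <= n; i++)
                if (index("," opts ",", "," want[i] ",") == 0)
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }'
}

# audit_mounts FILE: returns 0 if every path in PATHS has all required options,
# 1 if any option is missing, 2 if FILE cannot be read.
audit_mounts() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    rc=0
    for p in $PATHS; do
        miss=$(missing_opts "$p" < "$1")
        if [ -n "$miss" ]; then echo "FAIL $p: missing $miss"; rc=1
        else echo "OK   $p"; fi
    done
    return $rc
}

# Constructed sample table (not from the post): /home is hardened, /tmp lacks
# noexec, and /var/tmp is not its own mount, so the options of /var apply.
sample_mounts() {
    printf '%s\n' '/dev/sda1 / ext3 rw 0 0' \
        '/dev/sda2 /home ext3 rw,noexec,nodev,nosuid 0 0' \
        '/dev/sda3 /tmp ext3 rw,nodev,nosuid 0 0' \
        '/dev/sda5 /var ext3 rw,nosuid 0 0'
}

# Audit the live table, or a file given as the first argument.
audit_mounts "${1:-/proc/mounts}" || true
```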