[CentOS] Hardening CentOS by removing "hacker" tools
Ralph Angenendt
ra+centos at br-online.de
Sat Jun 7 13:11:49 UTC 2008
Erek Dyskant wrote:
>
> > Not if /home and /tmp and /var/tmp are mounted with noexec,nodev,nosuid,...
>
> Actually, wrong.
>
> /lib/ld-2.5.so ~/bin/wget
Actually, wrong:
[angenenr at shutdown ~]$bin/true ; echo $?
0
[angenenr at shutdown ~]$/lib64/ld-2.5.so bin/true; echo $?
0
[angenenr at shutdown ~]$sudo mount -o remount,noexec /home
[angenenr at shutdown ~]$bin/true ; echo $?
-bash: bin/true: Permission denied
126
[angenenr at shutdown ~]$/lib64/ld-2.5.so bin/true; echo $?
bin/true: error while loading shared libraries: bin/true: failed to map
segment from shared object: Operation not permitted
127
[angenenr at shutdown ~]$
Ralph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20080607/f5816b6e/attachment.sig>
More information about the CentOS
mailing list