INRE Re: [cobalt-security] RE: The nasty RaQ hack...: > >�Just from my "personal" point of view, I chmod 444 the gcc program since > > any exploit that gets "root" level would still have access to gcc under > > mode 700. Under mode 444 is it not "executable" and therefore won't work > > for anyone without changing the mode first, �but then again I am > > "paranoid" (see hosts.allow.conf) > > If the intruder already have root access, he does not need to compile > anything anyway. �It seems that a number of exploit scenarios involve > getting non-root access, compiling a piece of code and using it to get > root access. > > Not that disabling gcc is a real defence, just a thwart for some > ready-to-use exploit scripts.
Yes, but at mode 444 they cannot compile _anything_ whether root or not.... so the non-root access (if it requires compiling something to get to root) will also not work. They end up with non-root access..... -- Larry Smith SysAd ECSIS.NET [EMAIL PROTECTED] _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
