On Sun, Mar 21, 2004 at 09:49:29AM +0100, Cedric Blancher wrote:Le dim 21/03/2004 � 02:04, Jim Richardson a �crit :Where? /home is mounted noexec.
With the worm...>Keylogger ? Installed how?
no problem, see here:
http://lists.netsys.com/pipermail/full-disclosure/2004-January/015143.html
"The ability to load a new process image without the direct aid of the kernel is important in many scenarios. For example: a program (e.g. shellcode) could load a binary off the wire and execute it without first creating a copy on disk; or, a program could extract a binary from an encrypted data store and execute it without creating a plain text image on the disk. Userland exec is useful for any situation where it is preferable not to create a file on the disk when executing a program."
cheers, twkonefal
-- Tomasz Konefal Systems Administrator Command Post and Transfer Corp. 416-585-9995 x.349
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
