Iassen Anadoliev wrote: <snip> > Малко оффтопик, но nosuid,noexec е лека заблуда на противника: > test:~# dd if=/dev/zero of=fs bs=1k count=100 > 100+0 records in > 100+0 records out > 102400 bytes (102 kB) copied, 0.000681537 seconds, 150 MB/s > test:~# losetup -f fs > test:~# mkfs.ext3 /dev/loop0 > mke2fs 1.40-WIP (14-Nov-2006) > Filesystem label= > OS type: Linux > <snip> > </snip> > test:~# > test:~# mount -o loop,nosuid,noexec fs mnt > test:~# mount|grep mnt > /root/fs on /root/mnt type ext2 (rw,noexec,nosuid,loop=/dev/loop1) > test:~# > test:~/mnt# cat << EOF > test >> #!/bin/bash >> echo test >> EOF > test:~/mnt# > test:~/mnt# chmod 0755 test > test:~/mnt# ./test > -su: ./test: /bin/bash: bad interpreter: Permission denied > test:~/mnt# /bin/bash test > test > test:~/mnt# > > Пробвай safe_mode :) >
Не е заблуда на противника. noexec оптцията прави точно това което трябва да прави. От man 8 mount: "noexec Do not allow direct execution of any *binaries* on the mounted file system. (Until recently it was possible to run binaries anyway using a command like /lib/ld*.so /mnt/binary. This trick fails since Linux 2.4.25 / 2.6.0.)" Това е обсъждано и друг път тук, погледни архива на листа. -- regards, Georgi Alexandrov key server - pgp.mit.edu :: key id - 0x37B4B3EE Key fingerprint = E429 BF93 FA67 44E9 B7D4 F89E F990 01C1 37B4 B3EE
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Lug-bg mailing list [email protected] http://linux-bulgaria.org/mailman/listinfo/lug-bg
