Dear Linuxers,

--- mbpillai at asianetindia.com wrote:

> Quoting David Desrosiers <daviddes at us.ibm.com>:
> 
> > Never, ever, EVER run an unknown shell script that you didn't create and
> > can't directly read or audit. EVER!
> >
> > Bad advice on your part. Copy it off to a system you can control, change
> > the perms on it so you CAN read it, and see what it does. If you don't
> > understand what it does, ask someone who does. Do not just blindly run it
> > to see what it does. What if it has no output, but trashes your system and
> > mails your password, shadow, ~/.ssh/* files to some IP in Romania? You
> > wouldn't even know.
> >
> 
> 
> Pardon me.  I missed that point.  Thanks Mr. David Desrosiers
> 
> With regards
> 
> M.Balakrishna Pillai
> 
> 


There is a better option to fend off future attacks.

When you mount the /tmp dir (mostly it is a symlink to /var/tmp), add the
mount options "nodev,noexec" to /etc/fstab.

This won't allow creation of devices with mknod (pipes or sockets), and also
will prevent potential crackers from placing suid/non-suid binaries (or shell
scripts) in dirs like /tmp.


Correct me if I said anything wrong, but I think this will close those holes...


-- maravind


« Les cons peuvent être vaincus mais ils n'admettent jamais l'être. »
("Idiots can be defeated but they never admit it.")
        -- Richard M. Stallman
========================================================================
 International           |   Install Linux.   |  Register yourself at:
 GNU/Linux user #371671  |  Lead a GNU Life!  |  http://counter.li.org/
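An added example, not part of the original message: a POSIX shell check that reports which hardening mount options are missing for a mount point in fstab-format text. It goes slightly beyond the message by also checking nosuid, the option that actually stops set-uid bits from taking effect. The sample /etc/fstab below is constructed; /proc/mounts uses the same field layout, so `missing_opts "$(cat /proc/mounts)" /tmp` checks the live mount.

```shell
#!/bin/sh
# Constructed sample /etc/fstab (not from the original message), used as offline input.
SAMPLE_FSTAB='
# <device>   <mount>    <type>  <options>                     <dump> <pass>
/dev/sda1    /          ext3    defaults                      1      1
/dev/sda2    /var/tmp   ext3    defaults,nodev,noexec         1      2
tmpfs        /dev/shm   tmpfs   defaults,nodev,nosuid,noexec  0      0
none         /proc      proc    defaults                      0      0
'

# Print the option field for a mount point in fstab/proc-mounts text,
# skipping comment lines; prints nothing if the mount point is absent.
fstab_opts() {   # $1 = fstab text, $2 = mount point
    printf '%s\n' "$1" | awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }'
}

# Print each of nodev, nosuid, noexec that is missing from the mount point's
# options, one per line. Exit status 0 only when all three are present.
missing_opts() {   # $1 = fstab text, $2 = mount point
    opts=$(fstab_opts "$1" "$2")
    rc=0
    for want in nodev nosuid noexec; do
        case ",$opts," in
            *",$want,"*) ;;                 # option present
            *) echo "$want"; rc=1 ;;        # option missing
        esac
    done
    return $rc
}

# Usage: report on the world-writable temp directories in the sample fstab.
for mp in /var/tmp /dev/shm; do
    if m=$(missing_opts "$SAMPLE_FSTAB" "$mp"); then
        echo "$mp: ok"
    else
        echo "$mp: missing" $m
    fi
done
```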
