-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel Drake wrote:
Hi,
The local root exploit-of-the-week would have been unable to run if our
users systems had /proc mounted with nosuid and/or noexec
It would be worthwhile considering making this a default. What are
people's thoughts?
On Sunday 16 July 2006 10:07, Josh Saddler wrote:
Daniel Drake wrote:
Hi,
The local root exploit-of-the-week would have been unable to run if our
users systems had /proc mounted with nosuid and/or noexec
It would be worthwhile considering making this a default. What are
people's thoughts?
Ned Ludd [EMAIL PROTECTED] wrote:
Not 100% sure about the noexec part as that might break upx which
calls /proc/self/exe as part of it's decompresser routines.
/proc/self/exe is a symlink, and the permissions of symlinks aren't used
for anything. It's less than trivial (and I think
On Sat, 2006-07-15 at 15:20 -0400, Mike Frysinger wrote:
On Saturday 15 July 2006 13:41, Ned Ludd wrote:
On Sat, 2006-07-15 at 17:45 +0100, Daniel Drake wrote:
The local root exploit-of-the-week would have been unable to run if our
users systems had /proc mounted with nosuid and/or noexec
Hi,
The local root exploit-of-the-week would have been unable to run if our
users systems had /proc mounted with nosuid and/or noexec
It would be worthwhile considering making this a default. What are
people's thoughts?
Additional testing of this change would be appreciated (just ensure
On Sat, 2006-07-15 at 13:41 -0400, Ned Ludd wrote:
On Sat, 2006-07-15 at 17:45 +0100, Daniel Drake wrote:
Hi,
The local root exploit-of-the-week would have been unable to run if our
users systems had /proc mounted with nosuid and/or noexec
It would be worthwhile considering making
On Saturday 15 July 2006 13:41, Ned Ludd wrote:
On Sat, 2006-07-15 at 17:45 +0100, Daniel Drake wrote:
The local root exploit-of-the-week would have been unable to run if our
users systems had /proc mounted with nosuid and/or noexec
It would be worthwhile considering making this a
Daniel Drake wrote:
Hi,
The local root exploit-of-the-week would have been unable to run if our
users systems had /proc mounted with nosuid and/or noexec
It would be worthwhile considering making this a default. What are
people's thoughts?
Additional testing of this change would be