Re: procfs hole

Brian Mitchell (brian@FIREHOUSE.NET)
Sun, 10 Aug 1997 14:38:41 -0400

On Sun, 10 Aug 1997, Jonathan A. Zdziarski wrote:

This would be a horrible solution. Someone is just going to chose another
function to overwrite and do a setuid(0) and execve() of some shell.

> Would disabling bash and sh (and any other shells that allowed this) be a
> good temporary solution? I've noticed you have to have it set as your
> default shell, so removing it from /etc/shells could prevent this. It's
> either that or disbale procfs (and I'm still not sure what the effects of
> that would be)
>
>
> -------------------------------------------------------------------------
> Jonathan A. Zdziarski NetRail Incorporated
> Server Engineering Manager 230 Peachtree St. Suite 500
> jonz@netrail.net Atlanta, GA 30303
> http://www.netrail.net (888) - NETRAIL
> -------------------------------------------------------------------------
>
>