On Thu, 08 Jul 2004 12:04:53 +0200, Matthias Benkmann <msbREMOVE-THIS@xxxxxxxxxxxxxxx> said:

> I can't say I've looked at much exploit-code so far but the POC exploits
> to gain root I've seen for Linux all executed /bin/sh. I'd like to know if
> this is true for in-the-wild exploits to root a box, too. If so, would it
> be a useful security measure to rename /bin/sh and other shells (after
> making sure that everything that needs them has been updated to the new
> name, of course)?

The problem is making sure that *everything* has been updated, and stays updated.

> If renaming the shell is not enough, how about renaming all of the
> standard Unix top-level directories (such as /bin, /etc,...)? Would that
> defeat standard exploits to root a box?

It would also defeat standard ways to install patches and so on. Don't forget to grep all your shared libraries (hint - how many places does glibc look in /etc for stuff?) Unless it's an embedded system that only needs like 6 binaries to do its job, you will go nuts trying to maintain it.
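The reply's "grep all your shared libraries" point, as an added example that is not part of the original thread: a small audit that lists which files carry embedded references to the paths you are thinking of renaming, so the size of the maintenance problem is visible before anything is moved. The function name `audit_paths` and the set of paths in `AUDIT_PATHS` are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original thread: before renaming /bin/sh or
# /etc, enumerate which binaries and shared libraries contain those paths
# as embedded strings. Every hit is something the rename would break.
# audit_paths and the AUDIT_PATHS pattern are this example's own choices.

# Paths whose rename you are evaluating (extended-regex alternatives).
AUDIT_PATHS='/bin/sh|/bin/bash|/etc/[A-Za-z0-9_./-]+'

# audit_paths FILE...  ->  prints "FILE: /path" for each distinct hit,
# returns 1 if any file references an audited path, 0 otherwise.
audit_paths() {
    found=0
    for f in "$@"; do
        # Turn non-printable bytes into newlines so binaries can be
        # grepped without relying on 'strings' being installed.
        hits=$(tr -c '[:print:]' '\n' < "$f" \
               | grep -oE "($AUDIT_PATHS)" | sort -u)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | sed "s|^|$f: |"
            found=1
        fi
    done
    return $found
}

# Stand-alone use: pass the files to inspect on the command line, for
# example the C library and the binaries in /bin and /sbin. A non-zero
# exit means at least one of them would stop working after the rename.
if [ "$#" -gt 0 ]; then
    audit_paths "$@"
fi
```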