More PATH fallout. Who decided this was a good idea?

Stephen Gallagher sgallagh at redhat.com
Mon Dec 8 13:30:44 UTC 2008


Les Mikesell wrote:
> Is attempting an access that the kernel routinely prevents considered a
> violation?  That is, if I type 'file /etc/*' on such a system should I
> expect the black helicopters to start firing?  I don't see how accesses
> that are denied matter to anyone - or why anyone running the
> shadow-tools utility without permission to access the relevant files
> should bother anyone either.
> 

Actually, yes. There are environments in which an administrator may set
up heuristics to determine whether a user is attempting to probe the
system for vulnerability. In the systems like this I've seen, one very
common action to note is failed attempts by users to execute processes
in /sbin or /usr/sbin. Seeing the same user attempt to execute every
binary in one of those folders could be a clear sign that they are
probing for misconfigurations to take advantage of.
--
Stephen Gallagher
RHCE 804006346421761
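
The heuristic described in the message above, sketched as an added example that is not part of the original post or of any Fedora tool. It assumes simplified Linux auditd-style records on x86_64 (where syscall 59 is execve and exit=-13 is EACCES); the sample log is constructed, and the function names and threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed, simplified auditd records (not from the original post). Each
# execve() event has a SYSCALL and a PATH record sharing one serial number.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1228743001.100:201): syscall=59 success=no exit=-13 auid=501 comm="bash"
type=PATH msg=audit(1228743001.100:201): item=0 name="/usr/sbin/useradd"
type=SYSCALL msg=audit(1228743002.200:202): syscall=59 success=no exit=-13 auid=501 comm="bash"
type=PATH msg=audit(1228743002.200:202): item=0 name="/usr/sbin/visudo"
type=SYSCALL msg=audit(1228743003.300:203): syscall=59 success=no exit=-13 auid=501 comm="bash"
type=PATH msg=audit(1228743003.300:203): item=0 name="/sbin/fdisk"
type=SYSCALL msg=audit(1228743004.400:204): syscall=59 success=no exit=-13 auid=502 comm="bash"
type=PATH msg=audit(1228743004.400:204): item=0 name="/usr/sbin/tcpdump"
type=SYSCALL msg=audit(1228743005.500:205): syscall=59 success=yes exit=0 auid=502 comm="bash"
type=PATH msg=audit(1228743005.500:205): item=0 name="/sbin/ifconfig"
"""

EVENT_RE = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
WATCHED_DIRS = ("/sbin/", "/usr/sbin/")

def parse_events(log_text):
    """Group records by event serial so SYSCALL and PATH can be joined."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue  # not an audit record
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        # Keep the first record of each type (item=0 is the executed path).
        events[m.group(1)].setdefault(fields.get("type"), fields)
    return events

def failed_sbin_execs(log_text):
    """Return {auid: set of watched paths whose execve() failed with EACCES}."""
    hits = defaultdict(set)
    for ev in parse_events(log_text).values():
        sc, path = ev.get("SYSCALL"), ev.get("PATH")
        # Assumption: x86_64, where syscall 59 is execve; -13 is EACCES.
        if not (sc and path) or sc.get("syscall") != "59" or sc.get("exit") != "-13":
            continue
        if path.get("name", "").startswith(WATCHED_DIRS):
            hits[sc.get("auid")].add(path["name"])
    return hits

def flag_probers(log_text, threshold=3):
    """Users denied on at least `threshold` distinct binaries (hypothetical cut-off)."""
    hits = failed_sbin_execs(log_text)
    return sorted(u for u, paths in hits.items() if len(paths) >= threshold)
```

Counting distinct binaries per login uid, rather than raw failures, keeps a user who mistypes one command repeatedly below the threshold.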