On Wed, February 15, 2017 1:29 pm, Chris Adams wrote:
> Once upon a time, Valeri Galtsev <galtsev@xxxxxxxxxxxxxxxxx> said:
>> Indeed, perl and often python are installed on most of the servers I run.
>> Not considering myself a security expert, I would like to ask: could you
>> point to some elevation of privileges exploit written in perl or python?
>> All I've seen were c/c++, but again I'm just a humble sysadmin.
>
> That wasn't the point; the point was that users can only run system
> binaries so they can only do what is "permitted". I don't know about
> python, but perl can make arbitrary kernel system calls (even if they
> aren't actually supported by perl), so having perl installed allows
> users to do anything a compiled program can do. Trying to control what
> users can do by mounting "noexec" is not particularly limiting, at least
> to somebody determined.

Thanks for answering. Well, I have seen attempts on my systems, more than
once, and they were unsuccessful, as everything user-writable on these two
machines was mounted noexec (and also nosuid, nosgid, nodev). Of course,
the systems didn't have unpatched known exploits; here we are on the same
page: you have to keep your system updated. So they shouldn't have been
successful even if they had been executed. Still, noexec is like yet one
more line of defense. Pretty much like we lock the front doors of our
buildings, even though we do lock the doors of our apartments. Or the same
as having a firewall, even though you don't have anything listening on
ports that isn't supposed to be. I have kind of been told too many times
by many people in my life that there is no overdoing it where security is
concerned.

Valeri

> So it may be harder/more cumbersome/etc., but I believe that you could
> write exploits in perl or python; it just isn't commonly done in
> examples because of the extra work (it's also probably harder to read).
>
> --
> Chris Adams <linux@xxxxxxxxxxx>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
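The claim in the quoted reply that perl can issue arbitrary kernel system calls is easy to verify with perl's built-in syscall() function (documented in perlfunc). The script below is an added example written for this page, not code posted by either participant. It assumes Linux on x86_64; the syscall numbers are that ABI's and would differ on another architecture. The temporary directory name is arbitrary.

```perl
#!/usr/bin/perl
# Added example (not from the thread): perl's built-in syscall() hands
# arbitrary system calls to the kernel, independent of what perl itself
# exposes as a function. Assumes Linux on x86_64 (syscall numbers below).
use strict;
use warnings;

my $SYS_write  = 1;    # write(2)
my $SYS_getpid = 39;   # getpid(2)
my $SYS_mkdir  = 83;   # mkdir(2)

# getpid(2) via the raw syscall, cross-checked against perl's own $$.
my $pid = syscall($SYS_getpid);
die "getpid syscall failed: $!" if $pid == -1;
printf "raw getpid() = %d, perl \$\$ = %d\n", $pid, $$;

# write(2) straight to fd 1. A string argument is passed as a pointer to
# its buffer, so the length has to be supplied explicitly, as in C.
my $msg = "written with write(2) from perl, no C compiler involved\n";
my $n = syscall($SYS_write, 1, $msg, length $msg);
die "write syscall failed: $!" if $n == -1;

# A syscall taking a path: mkdir(2) under /tmp (arbitrary demo name).
# The kernel sees an ordinary mkdir; perl neither knows nor cares what
# syscall number 83 means.
my $dir = "/tmp/perl-syscall-demo.$$";
my $rc = syscall($SYS_mkdir, $dir, 0700);
if ($rc == -1) {
    warn "mkdir syscall failed: $!\n";
} else {
    print "created $dir via raw mkdir(2)\n";
    rmdir $dir or warn "cleanup failed: $!\n";
}
```

Run it as `perl ./syscall-demo.pl`. That invocation is also the point about noexec: the mount option is enforced by the kernel when a file on that filesystem is the target of execve(), so `./syscall-demo.pl` on a noexec mount fails with "Permission denied", while `perl ./syscall-demo.pl` runs, because the file is then only read as data by an interpreter that lives on a filesystem where execution is allowed. In other words noexec still stops a dropped compiled binary or a `#!` script from being run directly (the case Valeri describes observing), but it does not remove any capability from a user who can reach a system interpreter. h2ph-generated `syscall.ph` can supply the constants symbolically; they are hard-coded here so the script runs without it. perlport notes syscall() is unimplemented on some non-Unix platforms.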