Tetsuo Handa wrote:
> Crispin Cowan wrote:
>
>> However, behavioral detection can generate false positives, so the
>> severe reactions of Enforce, or even Tetsuo's suggestion of replacing
>> the exec target with /bin/true, are quite arduous. In an interesting
>>
> As I said above, execve()
Hello.
Thank you for your comment.
Crispin Cowan wrote:
> What is special about execve()? If the attacker can inject arbitrary
> shell code, they can do any kind of DoS attack, such as "while (1) {}"
> or "while (1) {system("cat /var/log/messages >/dev/null");}"
Yes, shellcode that triggers "whi
Tetsuo Handa wrote:
> and the victim server process executes
>
> while (1) {
> update_condition();
> if (condition_is_met) execve("/bin/sh");
> };
>
> while execve("/bin/sh") is denied by security policy.
>
> The result is that the victim server process eats
> 100% of CPU resource and w
--- Kyle Moffett <[EMAIL PROTECTED]> wrote:
> ...
>
> As for the script, I'm partway through debugging it but my time is
> all chewed up with other stuff now, so it may take me an extra couple
> days.
Any progress on this?
Casey Schaufler
[EMAIL PROTECTED]
Hello.
MAC can prevent execution of programs that are not
permitted by security policy.
Some exploits send shellcode containing execve("/bin/sh") like
while (1) {
update_condition();
if (condition_is_met) execve("/bin/sh");
};
and the victim server process executes
while (1) {