Re: Mounting filesystems with "noexec"
> That said, my point is this: the amount of damage you can do from a
> "native" program is greater than the damage you can achieve from a
> script language, afaik.
This is not the case, unfortunately. There are already a lot of
exploits written in Perl, Python. Just google for "perl exploit" or
something similar. And this exploits are not like "construct proper GET
request for another SQL injection", but complicated buffer-overflowing
ones. Also exists some tutorials like this:
http://community.core-sdi.com/~juliano/withperl.txt
> At least a privilege escalation should be
> harder to obtain. I'm not sure about some languages such as Perl, though.
As was said above, perfoming privilege escalation in scripting
languages is not harder than in C, for example.
So, using "noexec" option for preventing malicious code from
execution is not desirable.
--
wbr,
Vasiliy
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 8 之 8 篇):