I am doing a script that acts like a daemon and kills off a user
who tries buffer overflow exploits. Unfortunately, it is too dumb. It
kills all the setuid processes a user executes. So, my question is how do
I make a program differentiate between a normal setuid program (chfn,
passwd) and a buffer overflow exploit (pam.sh, sendmail exploit)?
You can get the script in http://www.pes.edu/~omicron/nasty.html
hopefully by tomorrow.
This is a shell script and starts from inittab or the rc.d scripts, so
this has the root powers. The solution might preferably be in a script
form (a C program will not necessarily cause a big change in the script
though). I am looking towards ps -aux to get the solution, but I'm not
too convinced of the security.
Sridhar (cheedu) || mail: cheedu@xxxxxxxx
II Sem, || page: http://www.geocities.com/sri_dhar_n
B.E Info Tech || site: cheedu.dyndns.org
PESIT || nick: omicron,cheedu
Smile.. Tomorrow will be worse