

	I am doing a script that acts like a daemon and kills off a user
who tries buffer overflow exploits. Unfortunately, it is too dumb. It
kills all the setuid processes a user executes. So, my question is how do
I make a program differentiate between a normal setuid program (chfn,
passwd) and a buffer overflow exploit (pam.sh, sendmail exploit)?

You can get the script in http://www.pes.edu/~omicron/nasty.html
hopefully by tomorrow.

This is a shell script and starts from inittab or the rc.d scripts, so
this has the root powers. The solution might preferably be in a script
form (a C program will not necessarily cause a big change in the script
though). I am looking towards ps -aux to get the solution, but I'm not
too convinced of the security.


Sridhar	(cheedu)  || mail: cheedu@xxxxxxxx
II Sem,		  || page: http://www.geocities.com/sri_dhar_n
B.E Info Tech 	  || site: cheedu.dyndns.org
PESIT 		  || nick: omicron,cheedu

Smile.. Tomorrow will be worse
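
An added example, not part of the original post or the poster's script: one possible way to narrow the check with ps, reporting only processes whose effective user is root while the real user is not and whose command name is not on an allow-list. The sample ps lines, the user names and the function names are constructed for illustration; the allow-list holds the two program names the post gives as normal.

```shell
#!/bin/sh
# Allow-list of setuid programs expected to run as root for a non-root user.
# chfn and passwd are the names from the post; extending it is site-specific.
ALLOWED="chfn passwd"

# Constructed sample, in the column order produced by:
#   ps -e -o pid= -o ruser= -o euser= -o comm=
sample_ps() {
cat <<'EOF'
  101 root     root     init
  412 alice    alice    bash
  530 alice    root     passwd
  544 bob      root     chfn
  601 bob      root     sh
  777 carol    carol    vi
EOF
}

# Reads ps lines on stdin and prints "pid ruser comm" for every process that
# has effective user root, a different real user, and a command name that is
# not on the allow-list. It only reports; it does not kill anything.
flag_unexpected_root() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        NF >= 4 && $3 == "root" && $2 != "root" && !($4 in ok) {
            print $1, $2, $4
        }
    '
}

# Live use (assumes a ps that supports the ruser and euser output fields):
#   ps -e -o pid= -o ruser= -o euser= -o comm= | flag_unexpected_root
sample_ps | flag_unexpected_root
```

Matching on the command name alone is a weak identity check, so the output is better treated as something to log and review than as a trigger for killing a user's processes.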