Rich Freeman on 9 Dec 2014 17:40:18 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] The 'Penquin' Turla

On Tue, Dec 9, 2014 at 12:40 PM, Keith C. Perry
<> wrote:
> I find it hard to believe that perl or any other available "magic" gets
> around a properly configured system that uses Linux capabilities with nosuid
> mounted filesystems.  That would break selinux enhancements, cpusets and
> generally the concept of Linux containers from the security point of view.
> If you have a link to some perl scripts that do this, I'd like to test this
> in my lab to confirm for myself.  You never know but I don't see a practical
> attack vector for this on modern Linux box either.

Without a zeroday you don't need nosuid/selinux/etc to block this.
Just regular kernel security will block non-privileged processes from
listening on low ports, sniffing traffic, and so on.

Now, you can listen and run arbitrary commands as a non-privileged
user all you want to.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --