> If anyone got on a firewall setup like this it is simple to compile a binary
> offsite to suit the architecture, static if necessary, and import it, run it
> and then have that binary act as a personal ftp/shell/port login process.
>
> Have a nice day
> Mark
> mark@lochard.com.au

I modified our kernel to do trust circles (mainly mods to exec.c) quite some
time ago. To put it simply, only non group and world writable binaries owned
by "trusted" users (root, etc) in trusted user owned directories can be
executed. This goes for #! expansion as well. If however a user is in the
"exec" group then they can execute their own binaries.

Bypassing this system requires the privileges of the trusted user or root.
Using a flaw to create, or finding a group or world writable file owned by a
trusted user and placing your code into it will not work, unless you can turn
off the group/world write permission afterwards. Attempted trust violations
are klogged.

Every time the latest IFS (etc) style "execute my code now", kernel call bug
or race condition is found, I amuse myself by watching the frustration of
people trying to exploit it.

The reason the directory in which the trusted binary lies must also be trusted
is that one can do things like:

    $ cd /tmp
    $ ln /sbin/reboot usr
    $ export IFS=/
    $ neil+karl_food -y

--
+----------------------------------+-----------------------------------------+
|Julian Assange                    | "if you think the United States has     |
|FAX: +61-3-9819-9066              | has stood still, who built the largest  |
|EMAIL: proff@suburbia.net         | shopping centre in the world?" - Nixon  |
+----------------------------------+-----------------------------------------+
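A user-space model of the trust-circle exec check described in the post above, added here as an example; it is not the poster's actual exec.c modification. The trusted-uid set, the exec-group flag and the rule that a trusted directory must itself be non-group/world-writable are assumptions (the last inferred from the /tmp hard-link example):

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Minimal view of the two inodes the exec path has to inspect. */
struct inode_view {
    uid_t  uid;   /* owner */
    mode_t mode;  /* permission bits, e.g. 0755 or 01777 */
};

static const uid_t trusted_uids[] = { 0, 1 };  /* assumed: root, bin */
static bool is_trusted_uid(uid_t uid)
{
    for (size_t i = 0; i < sizeof trusted_uids / sizeof trusted_uids[0]; i++)
        if (trusted_uids[i] == uid)
            return true;
    return false;
}

static bool group_or_world_writable(mode_t mode)
{
    return (mode & (S_IWGRP | S_IWOTH)) != 0;
}

/* Decide whether `caller` may execute `file` found in directory `dir`.
 * The same test would be applied to the interpreter named on a #! line.
 * Denials are logged to stderr, standing in for the kernel log. */
bool trust_circle_allows(const struct inode_view *file,
                         const struct inode_view *dir,
                         uid_t caller, bool caller_in_exec_group)
{
    const char *why = NULL;
    /* "exec" group members may run binaries they own themselves. */
    if (caller_in_exec_group && file->uid == caller)
        return true;
    if (!is_trusted_uid(file->uid) || group_or_world_writable(file->mode))
        why = "binary not trusted-owned or is group/world-writable";
    /* Directory rule (assumed: trusted owner and not g/o-writable); this is
     * what defeats hard-linking /sbin/reboot into /tmp. */
    else if (!is_trusted_uid(dir->uid) || group_or_world_writable(dir->mode))
        why = "containing directory is not trusted";
    if (why) {
        fprintf(stderr, "trust violation: uid %u: %s\n", (unsigned)caller, why);
        return false;
    }
    return true;
}
```

Constructed inputs such as a root-owned 0755 binary in a root-owned 0755 directory versus the same binary hard-linked into a 01777 /tmp exercise the two branches.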