{"id":80,"date":"2008-05-18T20:49:00","date_gmt":"2008-05-18T11:49:00","guid":{"rendered":"http:\/\/yokensaka.com\/fedora\/?p=80"},"modified":"2008-05-18T20:49:00","modified_gmt":"2008-05-18T11:49:00","slug":"%e3%83%90%e3%83%83%e3%83%95%e3%82%a1%e3%83%bb%e3%82%aa%e3%83%bc%e3%83%91%e3%83%bc%e3%83%95%e3%83%ad%e3%83%bc%e5%af%be%e7%ad%96%ef%bc%88exec-shield%ef%bc%89","status":"publish","type":"post","link":"http:\/\/yokensaka.com\/fedora\/?p=80","title":{"rendered":"\u30d0\u30c3\u30d5\u30a1\u30fb\u30aa\u30fc\u30d1\u30fc\u30d5\u30ed\u30fc\u5bfe\u7b56\uff08Exec-Shield\uff09"},"content":{"rendered":"<p><b>\u25a0\u3000FC6 \/ Fedora7 \/ Fedora8 \/ Fedora9<\/b><br \/>\nExec-Shield\u3092\u6709\u52b9\u306b\u3057\u3066\u3001\u30d0\u30c3\u30d5\u30a1\u30fb\u30aa\u30fc\u30d1\u30fc\u30d5\u30ed\u30fc\u653b\u6483\u3092\u30d6\u30ed\u30c3\u30af\u3059\u308b\u3002<br \/>\n\u25a0 Exec-Shield\u306e\u8a2d\u5b9a<\/p>\n<pre>\u73fe\u72b6\u78ba\u8a8d\n[root@server ~]# cat \/proc\/sys\/kernel\/exec-shield\n1\nExec-Shield\u3092\u6709\u52b9\u306b\u3059\u308b\u3002\n[root@server ~]# echo 2 > \/proc\/sys\/kernel\/exec-shield\n\u518d\u78ba\u8a8d\n[root@server ~]# cat \/proc\/sys\/kernel\/exec-shield\n2\n\u8d77\u52d5\u6642\u306b\u3001\u6709\u52b9\u306b\u3059\u308b\u3002\n[root@server ~]# vi \/etc\/rc.d\/rc.local\necho 2 > \/proc\/sys\/kernel\/exec-shield\u3000\u3000\u3000\u3000\u2190 \u8ffd\u52a0<\/pre>\n<p>\u25a0 Exec-Shield\u306e\u52d5\u4f5c\u78ba\u8a8d<\/p>\n<pre>[root@server ~]# wget http:\/\/pubs.research.avayalabs.com\/src\/libsafe-2.0-16.i386.rpm\n--20:09:05--  http:\/\/pubs.research.avayalabs.com\/src\/libsafe-2.0-16.i386.rpm\n=> `libsafe-2.0-16.i386.rpm'\npubs.research.avayalabs.com \u3092DNS\u306b\u554f\u3044\u3042\u308f\u305b\u3066\u3044\u307e\u3059... 198.152.240.29\npubs.research.avayalabs.com|198.152.240.29|:80 \u306b\u63a5\u7d9a\u3057\u3066\u3044\u307e\u3059... \u63a5\u7d9a\u3057\u307e\u3057\u305f\u3002\nHTTP \u306b\u3088\u308b\u63a5\u7d9a\u8981\u6c42\u3092\u9001\u4fe1\u3057\u307e\u3057\u305f\u3001\u5fdc\u7b54\u3092\u5f85\u3063\u3066\u3044\u307e\u3059... 200 OK\n\u9577\u3055: 374,371 (366K) [text\/plain]\n100%[====================================>] 374,371      120.19K\/s    ETA 00:00\n20:09:09 (119.99 KB\/s) - `libsafe-2.0-16.i386.rpm' \u3092\u4fdd\u5b58\u3057\u307e\u3057\u305f [374371\/374371]\n[root@server ~]# rpm -ivh libsafe-2.0-16.i386.rpm  \u2190\u3000libsafe\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\n\u6e96\u5099\u4e2d...                   ########################################### [100%]\n1:libsafe                ########################################### [100%]\nAdding libsafe to ld.so.preload for system wide protection\n[root@server ~]# cp \/usr\/doc\/libsafe-2.0\/exploits\/t1 .\/  \u2190\u3000\u653b\u6483\u30c4\u30fc\u30eb\u3092\u30b3\u30d4\u30fc\n[root@server ~]# rpm -e libsafe  \u2190\u3000libsafe\u306e\u30a2\u30f3\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\nRemoving libsafe from \/etc\/ld.so.preload (if exists)\n[root@server ~]# .\/t1  \u2190\u3000\u653b\u6483\u30c4\u30fc\u30eb\u306e\u5b9f\u884c\nThis program tries to use strcpy() to overflow the buffer.\nIf you get a \/bin\/sh prompt, then the exploit has worked.\nPress any key to continue...abc;  \u2190\u3000\u9069\u5f53\u306b\u5165\u529b\n\u30bb\u30b0\u30e1\u30f3\u30c6\u30fc\u30b7\u30e7\u30f3\u9055\u53cd\u3067\u3059  \u2190\u3000\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u304c\u30d6\u30ed\u30c3\u30af\u3055\u308c\u305f\n[root@server ~]# rm .\/t1  \u2190\u3000\u653b\u6483\u30c4\u30fc\u30eb\u3092\u524a\u9664\nrm: remove \u901a\u5e38\u30d5\u30a1\u30a4\u30eb `.\/t1'? y<\/pre>\n<div align=right><a href=\"#\">\u25b2 \u30da\u30fc\u30b8\u30c8\u30c3\u30d7\u3078<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u25a0\u3000FC6 \/ Fedora7 \/ Fedora8 \/ Fedora9 Exec-Shield\u3092\u6709\u52b9\u306b\u3057\u3066\u3001\u30d0\u30c3\u30d5\u30a1\u30fb\u30aa\u30fc\u30d1\u30fc\u30d5\u30ed\u30fc\u653b\u6483\u3092\u30d6\u30ed\u30c3\u30af\u3059\u308b\u3002 \u25a0 Exec-Shield\u306e\u8a2d\u5b9a \u73fe\u72b6\u78ba\u8a8d [root@serve [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-80","post","type-post","status-publish","format-standard","hentry","category-24-"],"_links":{"self":[{"href":"http:\/\/yokensaka.com\/fedora\/index.php?rest_route=\/wp\/v2\/posts\/80","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/yokensaka.com\/fedora\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/yokensaka.com\/fedora\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/yokensaka.com\/fedora\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/yokensaka.com\/fedora\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=80"}],"version-history":[{"count":0,"href":"http:\/\/yokensaka.com\/fedora\/index.php?rest_route=\/wp\/v2\/posts\/80\/revisions"}],"wp:attachment":[{"href":"http:\/\/yokensaka.com\/fedora\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=80"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/yokensaka.com\/fedora\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=80"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/yokensaka.com\/fedora\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=80"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}