in reply to Re^5: perl pre-execution hook
in thread perl pre-execution hook

But can the attacker?

Why not?  If the attacker can run ./foo, s/he can almost certainly also run /usr/bin/perl /tmp/foo.  Actually, it's more than likely that someone uploading something to /tmp (which can be expected to be mounted noexec) would try this in the first place...

Re^7: perl pre-execution hook
by ikegami (Patriarch) on Jan 04, 2011 at 21:25 UTC

    he can almost certainly also run /usr/bin/perl /tmp/foo.

    No, it completely depends on the bug being exploited.

    You're approaching this from the point of view that the attacker can run arbitrary commands. If so, why are you ok with just protecting perl?

    I'm assuming the OP isn't silly, so that means he's trying to defend against some specific attack.

      it completely depends on the bug being exploited

      and as the OP said himself (right above) "executing "perl /tmp/whatever" actually happens a lot".

        Yes, noticed. Now it can be ruled out.
Re^7: perl pre-execution hook
by logix (Initiate) on Jan 04, 2011 at 20:51 UTC
    And as I hinted below, executing "perl /tmp/whatever" actually happens a lot. I did the no-exec thing years ago, but it doesn't solve the perl-bot problem.