Re: [Full-Disclosure] No shell => secure?



> So I have one example to back up my claim. Now it's your turn. Give me a
> worm that my scheme would not have protected me against. That's all you
> need to do to convince me. Easy, isn't it? No need to give me lengthy
> lectures. Just give me one URL. If you can't do that, don't bother
> replying. You're wasting your time, because you're telling me things I
> already know.

I was going to write a lengthy reply to your second email before I read this.
I was going to explain that you aren't much more secure this way, that
shellcode is trivial to rework for a different path, and that your
method still really is security through obscurity.
But apparently you don't want to hear that, and everyone else already
posted those points, so I'll save it.

I can't cite a worm that would infect your system.  I can't even cite
an exploit for a daemon that would work on your system without
editing.  I can tell you two things though:
1)  People on Windows used to rename C:\WINDOWS and C:\WINNT to other
things.  Viruses adapted to that.
2)  All the path changing in the world isn't going to save you from
exploits that don't rely on shells.  That includes directory
traversals, password bypasses, and SQL injection.  A faulty web
application is going to reveal your mysql password no matter what
crazy directory you have it in.

But you're going to go ahead and do it anyway, so keep us posted on
how it turns out.  I think the idea is stupid, and I don't think you
appreciate how long it will take to do, but I can't convince you of
that.  If anything you'll be left vulnerable for longer while you try
to rework what should be quick patches into your new cracked out file
structure.  Try to remember that you aren't making yourself
invulnerable from anyone who gives a little effort to attacking you.

--hax

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html