Re: URGENT!

Roger Espel Llima (espel@iAgora.com)
Wed, 15 Jul 1998 17:50:30 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Linus Torvalds: "Re: 2.1.108 stress test results"
Previous message: Jon M. Taylor: "Re: FreeGPL license proposal (was Re: Linus Speaks About KDE-Bashing)"

> Has anyone read http://www.rootshell.com's July summaries lately? There
> are some security holes in Linux that *needs* fixing, before
> script-kiddies starts hacking our boxes to hell and back. :O(
>
> Some of them uses x86 assembler - and one was particularly nasty in that
> it gave chmod 777 access to /etc/passwd - yikes!!

The 4 exploits titled "x86 assembly that ..." don't actually exploit any
Linux security holes that need fixing. They're just position-independent
assembler code to do the syscalls needed to perform whatever operation
they do, _assuming_ you already have the appropriate rights.

The expected use is to plug the bit of asm code in some existing buffer
overflow exploit.

-- Roger Espel Llima, espel@llaic.u-clermont1.fr http://www.eleves.ens.fr:8080/home/espel/index.html

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: Linus Torvalds: "Re: 2.1.108 stress test results"
Previous message: Jon M. Taylor: "Re: FreeGPL license proposal (was Re: Linus Speaks About KDE-Bashing)"