On Fri, 21 Jul 2000, Andre Hedrick wrote:
>
>
> > > > Can disk-destroyer be pushed into a shellstack because it is so small?
> > > >
> > > Yes, it's true. It can be made even smaller, much smaller, than the
> > > compiled size of the code. Although the limits on how much shellcode
> > > you can send in a buffer overrun do vary, I expect this will almost
> > > certainly fit in just about every buffer overrun I've seen.
>
> Here is your SECURITY HOLE!
>
> JOE-SIX-PACK-HACKER can fry your butt.
Will you *please* wake up and realize that it makes no difference
if it can fit into a buffer overrun or not? That does not mean *anything*
since you can almost always fit the code neccessary to gain a root shell
to the machine in the same space.
Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:19 EST