Re: Pentium DEATH in user-mode
George (jirka@5z.com)
Sun, 9 Nov 1997 16:01:38 -0800 (PST)
> > > If your pentium is used as a file-server or something in which a
> > > user doesn't log in, you will have no problem. Just rename the gcc
> > > compiler so someone can't write code on your system.
> >
> > Note that this bug means ANY buffer overflow bug, even on non-setuid apps,
> > is now an entry point for an attacker to crash your machine. Got users on
> > your system who wrote their own CGI apps in C?
>
> Personally I would prefer the system goes down than have a remote user
> give themselves a shell on my system. IMO if you have remotely exploitable
> buffer overflows then DoS is the least of your problems, but then I guess it
> depends on which direction your tolerances lie.
well .. but locking the machine at a point of a lot of disk writes can
easily kill a few of your partitions ... couldn't it ./.. so it wouldn't
just be a DoS attack ...
George
------------------------------------------------------------------------------
George Lebl <jirka@5z.com> http://www.5z.com/jirka/
------------------------------------------------------------------------------
WARNING:
Reading this message can affect the dimensionality of your
mind, change the curvature of your spine, cause the growth of hair on
your palms, and make a difference in the outcome of your favorite war.