|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: DJB's students release 44 *nix software vulnerability advisories
Casper.Dik
Sun.COM
Date: Wed Dec 22 2004 - 11:56:18 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>/bin/sh exists to run shell commands. That is the purpose of the
>shell. NASM, on the other hand, is designed to create object files
>from assembly files. If NASM starts running arbitrary code on your
>machine, it's doing something unauthorized. That is a security hole.
>By typing "nasm file.S" you are not intending to authorize the author
>of file.S to take over your account, right?
What other purpose does NASM have other than to compile code
and then, implicitely, run it?
I could buy the argument for a webbrowser or a wordprocessor;
but a assembler or compiler?
>Also, could you please show me this shell script you speak of? All the
>shell scripts I know of that give me root access require me to type the
>root password. If you have found a way around this, then you are
>correct, "every UNIX system on Earth has a remote hole". :)
Any script which exploits a local security hole would do.
>Setting buff[1023] to '\0' is a good idea, since vsnprintf won't do
>that if vsprintf(buff, fmt, args) generates 1024 bytes.
You should have paid better attention in class.
Casper
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]