Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Alexander Pavlovic (alex.pavlovicMARKETINGTIPS.COM)
Date: Mon Apr 23 2001 - 19:31:07 CDT
Qnx is posix compliant distributed architecture with neutrino microkernel at its RTOS core,
not linux. Although cross platform development from windows or linux is possible since it is
POSIX 1003.1. Its security efforts are rather minimal. Its primary focus is unprecedented scalability
over beowulf type parallel clusters or smp boards and fully transparent networking system (Qnet).
There is significant amount of other security issues associated with this platform, so I
wouldnt be surprised about this coming up.
> QNX 2.4 FILE READ VULNERBILITY
> BY: Teknophreak (klllbill1juno.com)
> QNX 2.4 is a mini-linux based Operating System which can be downloaded for free at www.qnx.com. QNX 2.4 is made to install on a FAT partition. A vulnerabilty exist which allows
> you to read any file on the system.
> $ more /etc/shadow
> Permission Denied
> if you try to view a file which you don't have read access to, DUH! you wont be able
> to read it.
> Well, If you find out where the FAT filesystem is mounted usually /fs-dos then you
> can do this.
> $ more /fs-dos/linux/etc/shadow
> you can read a file you won't be able to read under normal circumstances.