From: Mariusz Mazur (mariuszisn.pl)
Date: Mon Nov 19 2001 - 11:05:06 CST
On 2001-11-19 Larry W. Cashdollar wrote the following:
LWC> I think we are going to find a new era of buffer overflows, not in
LWC> the daemons themselves but the user utilities that they call. Overflows
LWC> in non-setuid binaries might be worth cataloging if these binaries are
LWC> being called by applications that are listening to a socket.
LWC> This might be a good time to be thinking about what relies on what.
I remember reading about something similar (if anybody knows something
more about it I would be happy to refresh my memory). Many admins did a
|mail from cron and they did it in a way that made it possible for
attackers to execute commands (mail has/had such a feature). The
conclusion was that we are using (though I was sure the problem was
eliminated long ago... guess I'm too young to know better :) programs not
designed to be secure in ways which require them to be secure (who cares
if your grep does a segfault? it's not suid!... but remember all those
maintenance scripts run from cron suid root? every third line does a
|grep... oops I did it again :).
-- Mariusz Mazur "One Ring to bring them all and in the darkness bind them" rem begin JenniferLopez_Naked.jpg.vbs :)