SECURITY BUG IN INTERACTIVE UNIX SYSV386
Conor P. Cahill
cpcahil at virtech.uucp
Sun Feb 17 06:32:46 AEST 1991
lumpi at dobag.in-berlin.de (Joern Lubkoll) writes:
>cpcahil at virtech.uucp (Conor P. Cahill) writes:
>> POSTING THE CODE WAS DEAD WRONG.
>Everyone being able to use debugger or the disassembler, will be able
>to get the information out of the binary !
Yes, but that requires the following:
1. the desire to spend the time doing it.
2. the ability to read and understand the assembly language
3. the ability to turn that back into a c program
4. the knowledge that there is a disassembler
Not trying to nock on anybody in particular, but I would bet that most
of the people that read this newsgroup would probably not have at
least one of the requirements.
Don't read me wrong. I'm not saying that no one outthere would be
able to replicate the problem. I am only saying that because the
code was posted EVERYONE who reads this group will be able to do it.
>Don't you think, this is enough for anyone to see, whats going on ?
Seeing what is going on and replicating it in another program is not
always a simple step.
--
Conor P. Cahill (703)430-9247 Virtual Technologies, Inc.
uunet!virtech!cpcahil 46030 Manekin Plaza, Suite 160
Sterling, VA 22170
More information about the Comp.unix.sysv386
mailing list