getting vendors to fix security bugs
Lars Henrik Mathiesen
thorinn at diku.dk
Fri Feb 22 07:01:16 AEST 1991
rbj at uunet.UU.NET (Root Boy Jim) writes:
>BTW, what are the chances of hitting the window on the suid scripts?
>By that I mean, suppose I have the perfect program to exploit it,
>which I've just compiled on a system where a suid script and the
>perfect conditions to exploit it exist. Isn't it true that
>(1) I have only a very small chance of winning, and
>(2) I only get one shot?

(1) You can load the dice (widen the hole) arbitrarily, or at least up
to a user resource limit.
(2) If you miss the hole on one side, no one need ever know.

I tried it once, with the simplest implementation I could make (loaded
against hitting the window compared to the environment where an attack
would probably happen). It didn't work on an unloaded machine, but a
light load made it go through about once every seven or ten tries.
Proper implementation would make it almost certain, I think.
--
Lars Mathiesen, DIKU, U of Copenhagen, Denmark [uunet!]mcsun!diku!thorinn
Institute of Datalogy -- we're scientists, not engineers. thorinn at diku.dk