Open Source and information security mailing list archives
 
From: gml at phrick.net (gml)
Subject: RE: remote kernel exploits?

Personally I could really care less about "0-day exploits". There are a
thousand ways to penetrate a machine that are more effective than
relying on finding that one obscure piece of code. Why doesn't anyone
ever discuss interception? People seem too bent on the latest
vulnerability.  Then again what do I know. Maybe it IS all about
"0-day".

On Fri, 2002-09-13 at 05:41, silvio@....net.au wrote:
> To summarize the discussion so far..
> 
> "i heard a rumour of a remote kernel exploit"
> "i think i want it"
> "i don't want to look at source myself or consider plausibility, because if
>  someone has it, it'll show up"
> "then i'll have it"
> 
> During the same dialogue..
> 
> "i heard a rumour of a remote kernel exploit"
> "i need to know if the script kiddies have it"
> "the script kiddies could only have gotten it from a researcher"
> "if they have it, then it'll show up through defacements"
> "therefore i'll have it soon enough"
> 
> Did I miss something?
> 
> Has there been one ounce of technical discussion during this?
> Has anyone even google'd on the topic and seen discussion of kernel issues
> relating to security?
> 
> I say this.. let's all be "security experts" by posting "give me exploits"
> commentary to public mailing lists..
> 
> ok.. i will say something slightly on topic to compensate for this post.
> 
> re  "int len = strlen(arg)"
> you don't need physical etc memory to get arg > 2g (assuming int is 32bit).
> 
> mmap'ing(s) with a file (on many platforms i imagine), allows you access
> to >2g of contiguous memory that is eventually null terminated (if desired).
> but if you try to do a memset of this size, you're probably going to have
> problems, since at that point your total virtual memory size (not address
> space) comes into play, since it'll have to cross over to copy on write
> semantics certainly.
> 
> as for passing this to argv.. E2BIG ;-)
> 
> anyway.. int strlen() is obviously incorrect, as strlen() returns size_t,
> which is specified as an unsigned integer.
> 
> hey.. anyone notice that gcc 2.95 doesn't warn on using // style comments
> with -pedantic option? or is it just me..
> 
> so now that everyone knows something to fix.. go fix!
> 
> It takes an expert to know an expert.. at the same time, if everyone's lying,
> everyone is telling the truth!
> 
> --
> Silvio
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
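
The `int len = strlen(arg)` point from the quoted message, as an added example that is not part of the original thread: it shows why storing a `size_t` length in a 32-bit `int` defeats a bounds check, next to the form that keeps the length in `size_t`. The function names and `BUF_SIZE` are hypothetical, the oversized length is a constructed value passed in directly so no 2 GB string is needed, and the wrap to a negative value is implementation-defined behaviour assumed to match common two's-complement compilers such as gcc.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* hypothetical destination buffer size */

/* Flawed pattern: the size_t length is narrowed to int before the check.
 * Returns 1 if the bounds check would allow the copy to proceed. */
int flawed_check_accepts(size_t reported_len)
{
    int len = (int)reported_len;  /* > INT_MAX wraps negative (assumed ABI) */
    return len < BUF_SIZE;        /* a negative len passes this test */
}

/* Corrected pattern: the length stays unsigned and full width. */
int sound_check_accepts(size_t reported_len)
{
    return reported_len < (size_t)BUF_SIZE;
}

/* Bounded copy built on the corrected check.
 * Returns 0 on success, -1 if src (plus terminator) does not fit. */
int copy_arg(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);     /* strlen() returns size_t, keep it so */
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len + 1);    /* includes the terminating NUL */
    return 0;
}

int main(void)
{
    /* Constructed lengths: short, too long, and just past INT_MAX. */
    size_t samples[] = { 10, 100, (size_t)INT_MAX + 1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("len=%zu flawed=%d sound=%d\n", samples[i],
               flawed_check_accepts(samples[i]),
               sound_check_accepts(samples[i]));
    return 0;
}
```

Compiling with `-Wconversion` (gcc or clang) flags the narrowing assignment in the flawed form.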



