Open Source and information security mailing list archives
From: silvio at big.net.au (silvio@....net.au)
Subject: RE: remote kernel exploits?

To summarize the discussion so far..

"i heard a rumour of a remote kernel exploit"
"i think i want it"
"i don't want to look at source myself or consider plausibility, because if
 someone has it, it'll show up"
"then i'll have it"

During the same dialogue..

"i heard a rumour of a remote kernel exploit"
"i need to know if the script kiddies have it"
"the script kiddies could only have gotten it from a researcher"
"if they have it, then it'll show up through defacements"
"therefore i'll have it soon enough"

Did I miss something?

Has there been one ounce of technical discussion during this?
Has anyone even google'd on the topic and seen discussion of kernel issues
relating to security?

I say this.. let's all be "security experts" by posting "give me exploits"
commentary to public mailing lists..

ok.. i will say something slightly on topic to compensate for this post.

re  "int len = strlen(arg)"
you don't need physical etc memory to get arg > 2g (assuming int is 32bit).

mmap'ing(s) with a file (on many platforms i imagine), allows you access
to >2g of contiguous memory that is eventually null terminated (if desired).
but if you try to do a memset of this size, you're probably going to have
problems, since at that point your total virtual memory size (not address
space) comes into play, since it'll have to cross over to copy on write
semantics certainly.

as for passing this to argv.. E2BIG ;-)

anyway.. int strlen() is obviously incorrect, as strlen() returns size_t,
which is specified as an unsigned integer.

hey.. anyone notice that gcc 2.95 doesn't warn on using // style comments
with -pedantic option? or is it just me..

so now that everyone knows something to fix.. go fix!

It takes an expert to know an expert.. at the same time, if everyone's lying,
everyone is telling the truth!

--
Silvio
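
Added example, not part of the original post: the `int len = strlen(arg)` pattern discussed above, next to a check that keeps the length in `size_t`. `BUF_SIZE`, `flawed_check` and `size_t_check` are hypothetical names, and the lengths are passed in as constructed values so that no >2g string has to be built.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE 256 /* hypothetical destination buffer size */

/* Flawed: the size_t length is narrowed to int before the bounds check.
 * The length is a parameter so no >2G string has to be built.
 * Returns 1 if the check accepts; *copy_n is what memcpy() would receive. */
static int flawed_check(size_t slen, size_t *copy_n)
{
    int len = (int)slen; /* implementation-defined; wraps on common ABIs */
    if (len >= BUF_SIZE)
        return 0;
    *copy_n = (size_t)len; /* a negative len becomes a huge size_t */
    return 1;
}

/* Corrected: keep the length in size_t and compare unsigned. */
static int size_t_check(size_t slen, size_t *copy_n)
{
    if (slen >= (size_t)BUF_SIZE)
        return 0;
    *copy_n = slen;
    return 1;
}

int main(void)
{
    /* Constructed lengths: ordinary, just too long, and just past INT_MAX. */
    size_t cases[] = { 10, 300, (size_t)INT_MAX + 1 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t a = 0, b = 0;
        int fa = flawed_check(cases[i], &a);
        int fb = size_t_check(cases[i], &b);
        printf("len=%zu flawed=%s(%zu) size_t=%s(%zu)\n", cases[i],
               fa ? "accept" : "reject", a, fb ? "accept" : "reject", b);
    }
    return 0;
}
```

Building with `-Wconversion` (gcc or clang) flags an implicit `int len = strlen(arg)` narrowing at compile time.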
