lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.SGI.4.44.0208271136060.193553-100000@hexeris> From: aliver at xexil.com (aliver@...il.com) Subject: Re: oops On Wed, 28 Aug 2002, zen-parse wrote: > oops > ./xxt -i inp.xxt -k woot -d -x -o /etc/shadow > probably be better to overwrite some daemon with /bin/sh > and connect,or something like that. /me chuckes at self and rummages for O_EXCL flag Good job, and nice "stuff". Only you weren't on my list of trash talkers. It's not quite a cryptographic reversal or a overflow exploit for some unchecked buffer, but it makes a damn good point. In a SUID situation xxt should most definitely use an exclusive open. I hearby declare you the winner of the SETUID portion of the trash talker challenge but do not dub you a trash talker. It doesn't quite fit what I originally stated, but I think it qualifies. Email me privately and I'll send you your 50 bucks. I'm a man of my word. Also I'll still offer 50 to anyone who can actually reverse the crypto. You've taught me an important lesson, which I think is this: never resort to trash talking while dealing with trash-talkers OR never drink a couple of cranvodkas and write email to a public list. :-) aliver > your help page is wrong about either the -u option, or the example code > too.. Is it? Hmm I'll check that out. Thanks.
Powered by blists - more mailing lists