[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.SGI.4.44.0208271136060.193553-100000@hexeris>
From: aliver at xexil.com (aliver@...il.com)
Subject: Re: oops
On Wed, 28 Aug 2002, zen-parse wrote:
> oops
> ./xxt -i inp.xxt -k woot -d -x -o /etc/shadow
> probably be better to overwrite some daemon with /bin/sh
> and connect,or something like that.
/me chuckes at self and rummages for O_EXCL flag
Good job, and nice "stuff". Only you weren't on my list of trash talkers.
It's not quite a cryptographic reversal or a overflow exploit for some
unchecked buffer, but it makes a damn good point. In a SUID situation xxt
should most definitely use an exclusive open.
I hearby declare you the winner of the SETUID portion of the trash talker
challenge but do not dub you a trash talker. It doesn't quite fit what I
originally stated, but I think it qualifies. Email me privately and I'll
send you your 50 bucks. I'm a man of my word. Also I'll still offer 50 to
anyone who can actually reverse the crypto. You've taught me an important
lesson, which I think is this: never resort to trash talking while dealing
with trash-talkers OR never drink a couple of cranvodkas and write email
to a public list. :-)
aliver
> your help page is wrong about either the -u option, or the example code
> too..
Is it? Hmm I'll check that out. Thanks.
Powered by blists - more mailing lists