From: cuttergo at gmx.net (Alexander E. Cuttergo)
Subject: Re: yet another OpenBSD kernel hole ...

On Mon, Nov 17, 2003 at 20:23:12 -0500 (EST), noir@...rhax0r.net wrote:
noir> attached exploit will get you uid=0 and break any possible chroot jail
noir> your parent process might be in, works on all 2.x and 3.x up to 3.3.
noir>
noir> priv separation, chroot jail, systrace yeah yeah right ;P theo and niels

Your code does:
if((fd = open("./ibcs2own", O_CREAT^O_RDWR, 0755)) < 0) {
How on earth is this going to work against privilege separation? In each
sane setup, a server process is chrooted to a directory with no writable
directories.

noir> so i hope, some of you openbsd loving losers will finally get the truth
noir> behind your cult. it is a big LIE, aloha ????
Not being a diehard obsd fan, I must note that the 3.4 kernel is built with
stack smashing protection, which reduces this hole to a pure local DoS only. Can
you name any other OS which has any prevention against kernel buffer overflows?

Yes, this bug is hopeless, but stay objective.

peace,
algo
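The reply's objection rests on the chroot containing no directory the service account can create files in. The following audit script is an added example for checking that property on a chroot tree; it is not part of the original post, and the function names, the numeric uid/gid arguments and the sample tree layout in the comments are assumptions.

```sh
#!/bin/sh
# Audit a chroot tree for directories the unprivileged service account could
# create files in (an exploit that needs open(O_CREAT) in its cwd depends on
# exactly such a directory). Added example, not code from the thread.
#
# Usage: writable_dirs ROOT UID [GID ...]
#   ROOT  chroot directory to scan
#   UID   numeric uid of the service account
#   GID   numeric gids the account belongs to (zero or more)
# A directory is reported when it is world-writable, owned by UID, or
# group-writable and owned by one of the given GIDs.
writable_dirs() {
    root=$1
    uid=$2
    shift 2
    gids=$*
    # Build the find(1) predicate as positional parameters so that no
    # eval or word-splitting tricks are needed:
    #   -type d ( -perm -0002 -o -uid UID -o ( -perm -0020 -gid G ) ... )
    set -- -type d \( -perm -0002 -o -uid "$uid"
    for g in $gids; do
        set -- "$@" -o \( -perm -0020 -gid "$g" \)
    done
    set -- "$@" \)
    find "$root" "$@"
}

# Exit status 0 when the tree has no directory writable by the account.
chroot_has_no_writable_dirs() {
    [ -z "$(writable_dirs "$@")" ]
}

# Convenience wrapper resolving an account name (hypothetical, e.g. "www")
# to its uid and group list via id(1).
writable_dirs_for_user() {
    root=$1
    user=$2
    writable_dirs "$root" "$(id -u "$user")" $(id -G "$user")
}

# Stand-alone use: ./audit_chroot.sh /var/www www
if [ $# -ge 2 ]; then
    writable_dirs_for_user "$1" "$2"
fi
```

A clean result means an exploit relying on creating a file in its working directory has nowhere to write inside the jail; any path printed is a directory worth tightening or moving out of the chroot.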
