Message-ID: <52A38AA7-8975-11D8-9B18-000A959F4D8A@arpa.com>
From: jamie at arpa.com (jamie)
Subject: FAT32 input > output = null?

I read m.wood's post, and had to go read the OP.

This is a serious vulnerability.

The type as referenced Microsoft #id-10T et al, Pebkac edition.

The other day, I was at the post office.. My postal person left a 
notice for me to pick up a package.

Big, long, slow moving line.. and this Certain Ethnic woman was on her 
cell phone.. talking at the top of her vocal volume, like she was on a 
tin can and string about 100 miles long, really annoying everyone in 
line.

This lady in front of me finally piped up "Will you be quiet? Take that 
outside."

The CE woman gave this "pissoff" look to the lady in front of me, and 
kept talking.

The lady dismissed the CE woman, and turned around to comment to 
me.

"Some people are just too stupid to yell at or explain why they're 
idiots," she said.

I agree.



On 7 Apr 2004, at 18:19, Chris Palmer wrote:

> chris writes:
>
>> This also works with the 2.4.24 Linux kernel (Slackware 9.1):
>
> It's the shell, not the kernel. When you say "./foo > ./foo", the shell
> interprets "> ./foo" FIRST and does something like
> open("foo", O_TRUNC | O_CREAT).
>
> Take a look at any Unix shell document and the open(2) man page -- this
> is old, known, documented behavior. It may violate the principle of
> least surprise, but it's not a vulnerability in the proper sense.
>
>
> -- 
> Chris Palmer
> Staff Technologist, Electronic Frontier Foundation
> 415 436 9333 x124 (desk), 415 305 5842 (cell)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
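
Added example (not part of the original thread): a shell script showing the behavior Chris Palmer describes, where the redirection target is opened with O_TRUNC before the command runs, next to two standard ways to avoid losing the file. The file names, the sample contents, and the choice of sort as the command are constructed for illustration; noclobber and the temp-file-then-rename pattern are not mentioned in the thread.

```shell
#!/bin/sh
# Added demonstration; file names and contents are constructed.

make_sample() {            # create a 13-byte sample file, print its path
    d=$(mktemp -d) || return 1
    printf 'banana\napple\n' > "$d/foo"
    printf '%s\n' "$d/foo"
}

size_of() { wc -c < "$1" | tr -d ' '; }

# 1. Plain redirection: the shell opens foo with O_TRUNC before sort runs,
#    so sort reads an empty file and the data is gone.
demo_truncation() {
    f=$(make_sample) || return 1
    sort "$f" > "$f"
    size_of "$f"
    rm -rf "${f%/*}"
}

# 2. noclobber (set -C): the shell refuses to truncate an existing file,
#    so the mistake fails loudly and the data survives.
demo_noclobber() {
    f=$(make_sample) || return 1
    if ( set -C; sort "$f" > "$f" ) 2>/dev/null; then
        echo "unexpected: redirection succeeded"
    fi
    size_of "$f"
    rm -rf "${f%/*}"
}

# 3. Safe in-place rewrite: write to a temp file in the same directory,
#    then rename over the original only if the command succeeded.
safe_sort_in_place() {
    tmp=$(mktemp "$1.XXXXXX") || return 1
    if sort "$1" > "$tmp"; then mv "$tmp" "$1"; else rm -f "$tmp"; return 1; fi
}

demo_safe() {
    f=$(make_sample) || return 1
    safe_sort_in_place "$f" || return 1
    head -n 1 "$f"
    rm -rf "${f%/*}"
}

echo "plain redirect leaves $(demo_truncation) bytes"
echo "noclobber leaves      $(demo_noclobber) bytes"
echo "temp file + mv gives  $(demo_safe) first"
```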
  

