On Mon, 27 Jul 1998, Theo de Raadt wrote: > Whoopty doo -- another way to crash another operating system has been > reported. This is twice now that a 'local' OpenBSD crash has made it > to bugtraq as if it were a typical exploit. Does this now mean > bugtraq is open ground for reporting any way to crash a multiuser > operating system? I bet there are plenty of ways to crash any > operating system, if you have a local account. There are operating systems -- KeyKOS and MVS, for example -- in which making this impossible is an explicit design goal. I do not believe there are any known local-DoS exploits for either of these two OSes. > However, this bug does not by itself provide anyone with a way to gain > elevated priviledges and greater control of the system. That is what > most of us normally call an 'exploit', or has the lingo changed > recently? Sometimes, being able to crash a machine reliably is enough control to cause some serious damage. > But I have not seen many ways to crash Linux > on BUGTRAQ, so I think people expect more of us. Perhaps this should change. > > Black hats distribute these kind of exploits quickly. Let's make sure a > > few white hats know about them too. > > Black hats distribute information on how to crash systems? I thought > they were concentrating on breaking root. Yes, black hats do distribute information on how to crash systems. Kragen
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:08:53 PDT