Re: Possible Linuxconf Vulnerability

From: Neale Banks (nealeat_private)
Date: Mon May 03 1999 - 05:41:09 PDT

Next message: Sebastian Schreiber: "Re: Outlook 98 allows spoofing internal users"

Previous message: Jamie Rishaw: "FreeBSD 3.1 remote reboot exploit"
Next in thread: Dan Merillat: "Re: Possible Linuxconf Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 1 May 1999, Desync wrote:

[...]
> Obviously, someone would have to remove clock for this to occur. Which
> would conclude that either A) you had incorrect permissions for clock B)
> they had allready used some means of another true exploit to cause other
> program to misbehave.

No, this is not "obvious".  Maybe OpenLinux, like Debian, doesn't have a
/sbin/clock? Debian has a /sbin/hwclock, which I suspect has the
functionality Linuxconf is looking for.  The "problem" may well be
Linuxconf _presuming_ the existence of /sbin/clock.

> If someone really wanted to do some damage with physical access to a
> machine, popping a rescue disk set into the drive and rebooting with the
> reset switch would do fine.

Agreed: there is much to be said for the assertion "physical access ==
game over".

Regards,
Neale.

Next message: Sebastian Schreiber: "Re: Outlook 98 allows spoofing internal users"
Previous message: Jamie Rishaw: "FreeBSD 3.1 remote reboot exploit"
Next in thread: Dan Merillat: "Re: Possible Linuxconf Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:44:39 PDT