Re: QNX File Read Vulnerability

From: Alexander Pavlovic (alex.pavlovicat_private)
Date: Mon Apr 23 2001 - 17:31:07 PDT
    QNX is a POSIX-compliant distributed architecture with the Neutrino microkernel at its RTOS core,
    not Linux, although cross-platform development from Windows or Linux is possible since it is
    POSIX 1003.1. Its security efforts are rather minimal. Its primary focus is unprecedented scalability
    over Beowulf-type parallel clusters or SMP boards and a fully transparent networking system (Qnet).
    There is a significant amount of other security issues associated with this platform, so I
    wouldn't be surprised about this coming up.
    
    teknophreak wrote:
    
    > QNX 2.4 FILE READ VULNERABILITY
    > ------------------------------------------
    > BY: Teknophreak (klllbill1at_private)
    >
    > QNX 2.4 is a mini-linux based Operating System which can be downloaded for free at www.qnx.com. QNX 2.4 is made to install on a FAT partition. A vulnerability exists which allows
    > you to read any file on the system.
    >
    > example:
    >
    > $ more /etc/shadow
    > Permission Denied
    >
    > If you try to view a file which you don't have read access to, DUH! you won't be able
    > to read it.
    > Well, if you find out where the FAT filesystem is mounted, usually /fs-dos, then you
    > can do this.
    >
    > $ more /fs-dos/linux/etc/shadow
    >
    > then....
    > booyah!
    > you can read a file you won't be able to read under normal circumstances.
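
An added example, not part of the original thread or of any QNX tooling: FAT records no per-file owner or mode, so what a local user can read under a FAT mount is decided by the mount options. The audit below assumes Linux /proc/mounts-style lines and the Linux vfat option names (umask, fmask, dmask); the page does not show QNX's mount table, and every sample line except the /fs-dos mount point is constructed.

```python
# Added example. Flags FAT mounts whose options let any local user read files.
# Assumed input: Linux /proc/mounts-style lines; QNX's mount table is not on the page.
FAT_TYPES = {"vfat", "msdos"}

# Constructed sample mount table; only the /fs-dos mount point comes from the post.
SAMPLE_MOUNTS = """\
/dev/hda2 / ext2 rw 0 0
/dev/hda1 /fs-dos vfat rw,fmask=0022,dmask=0022 0 0
/dev/hdb1 /mnt/locked vfat rw,uid=0,gid=0,fmask=0077,dmask=0077 0 0
/dev/hdc1 /mnt/notraverse vfat rw,fmask=0022,dmask=0077 0 0
/dev/hdd1 /mnt/defaults msdos rw 0 0
"""

def parse_options(field):
    """Turn 'rw,fmask=0022' into {'rw': '', 'fmask': '0022'}."""
    opts = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        opts[key] = value
    return opts

def effective_mask(opts, specific):
    """fmask/dmask override umask. A missing mask is treated as 0 (nothing
    hidden): a conservative assumption, since the real default is the
    mounting process's umask."""
    value = opts.get(specific) or opts.get("umask") or "0"
    return int(value, 8)

def exposed_fat_mounts(mount_table):
    """Return mount points where 'other' can traverse directories and read files."""
    findings = []
    for line in mount_table.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        mount_point, fs_type, opt_field = fields[1], fields[2].lower(), fields[3]
        if fs_type not in FAT_TYPES:
            continue
        opts = parse_options(opt_field)
        files_readable = (effective_mask(opts, "fmask") & 0o004) == 0
        dirs_traversable = (effective_mask(opts, "dmask") & 0o001) == 0
        if files_readable and dirs_traversable:
            findings.append(mount_point)
    return findings

if __name__ == "__main__":
    for mount_point in exposed_fat_mounts(SAMPLE_MOUNTS):
        print("world-readable FAT mount:", mount_point)
```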
    



    This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 21:21:45 PDT