On 2001-11-19 Larry W. Cashdollar wrote the folowyng: LWC> I think we are going to find a new era of buffer overflows, not in LWC> the daemons themselves but the user utilities that they call. Overflows LWC> in non-setuid binaries might be worth cataloging if these binaries are LWC> being called by applications that are listening to a socket. LWC> This might be a good time to be thinking about what relies on what. I remember reading about something similar (if anybody knows something more about it I would be happy to refresh my memory). Many admins did a |mail from cron and they did it in a way that made it possible for attackers to execute commands (mail has/had such a feature). The conclusion was that we are using (though I was sure the problem was eliminated long ago... guess I'm to young to know better :) programs not designed to be secure in ways which require them to be secure (who cares if your grep does a segfault? it's not suid!... but remember all those maintenance scripts run from cron suid root? every third line does a |grep... oops I did it again :). -- Mariusz Mazur "One Ring to bring them all and in the darkness bind them" rem begin JenniferLopez_Naked.jpg.vbs :)
This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 13:12:31 PST