Matthew Palmer <[EMAIL PROTECTED]> writes: >> > I hate it. A perfect example of how we can't trust *giant frogs*
> Nothing like changing in front of girls. You tosser. It was a joke about trust, but what ever. >> Someone played a similar game in a cvs repository containing the Linux >> kernel recently (not the official tree), they used the common bug of >> if(a=b) , rather than if(a==b) , to try and disguise it, it was a back >> door to get root. > > That's not even vaguely similar to the attack described in the above > referenced paper. Really? I'm surprised you don't see the similarities. What the paper described wasn't so much an attack, though, as you put it, but an educational experiment to see if it could be done, and I guess as a heads up to others. The Linux source code changes were a bit different in that it was malicious. They both created a Trojan horse, though, and they both demonstrate that untrusted source code, especially lower level code, has the potential to be dangerous. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
