Date: Mon, 17 Feb 1997 23:43:05 -0800
From: obrien@NUXI.com (David O'Brien)
To: cmott@srv.net (Charles Mott)
Cc: freebsd-chat@freebsd.org
Subject: Re: Countering stack overflow
Message-ID: <19970217234305.NF08438@dragon.nuxi.com>
In-Reply-To: <Pine.BSF.3.91.970217204736.3518C-100000@darkstar>; from Charles Mott on Feb 17, 1997 21:10:17 -0700
References: <199702180343.TAA03412@root.com> <Pine.BSF.3.91.970217204736.3518C-100000@darkstar>
Charles Mott writes:
> The whole point of the stack overflow attack, as it has been explained to
...
> I am mainly interested in this vulnerability since it seems to allow an
> outsider to waltz into your machine and gain root privilege immediately.
> It seems to be much more serious than the other security problems.

Not so. It is just the vulnerability of the quarter (I'm a grad student).
Over the summer, I was seeing tons of symlink vulnerabilities. My favorite
"get root" exploit is the /bin/mail race on SunOS and Ultrix. Works
beautifully.

My favorite sendmail bug was when the "debug" array indexes weren't checked
and you could write outside the "debug" array to replace "/etc/sendmail.cf"
with "/tmp/sendmail.cf", thus running your own sendmail.cf file in trusted
mode (i.e. it didn't drop permissions like it usually does if you provide it
with a non-default sendmail.cf file).

So what I'm trying to say is that stack overflow attacks are not the most
serious. They are all equally serious. And many other vulnerabilities are
easier to exploit than the stack overflow vulnerability.

> I agree that going to strncpy's is a good idea, I am just personally
> curious about adding an extra layer of security.
                                         ^^^^^^^^
                                         obscurity

-- 
-- David (obrien@NUXI.com -or- obrien@FreeBSD.org)
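The "going to strncpy's" remedy mentioned in the quoted line has a well-known catch that the thread does not spell out: strncpy() writes no terminating NUL when the source is as long as or longer than the buffer, so a fixed buffer can silently stop being a C string. The following is an added example (not code from the message or from FreeBSD) that demonstrates that failure mode and a bounded copy which always terminates and reports truncation. The names strncpy_terminates, copy_bounded, bounded_copy_check and the constant BUF_SIZE are hypothetical; the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the original message. BUF_SIZE is a constructed
 * fixed-size stack buffer standing in for the kind of buffer that an
 * unbounded strcpy() overruns. */
#define BUF_SIZE 16

/* Copy src into a BUF_SIZE buffer with strncpy() and report whether the
 * result is still NUL-terminated. Returns 1 if a NUL is present, 0 if not.
 * strncpy() pads with NULs when src is shorter than n, but when
 * strlen(src) >= n it writes n bytes and no terminator at all. */
int strncpy_terminates(const char *src) {
    char dst[BUF_SIZE];
    memset(dst, 'X', sizeof dst);          /* make a missing NUL observable */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Bounded copy that always NUL-terminates dst and never writes past
 * dst_size bytes. Returns strlen(src), in the style of snprintf(): a
 * return value >= dst_size tells the caller the copy was truncated. */
size_t copy_bounded(char *dst, size_t dst_size, const char *src) {
    size_t src_len = strlen(src);
    if (dst_size == 0)
        return src_len;                    /* nothing can be written */
    size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len;
}

/* Helper for checking copy_bounded() against a BUF_SIZE buffer.
 * Returns 1 when the copied string equals expected and the truncation
 * flag matches expect_truncated, 0 otherwise. */
int bounded_copy_check(const char *src, const char *expected,
                       int expect_truncated) {
    char dst[BUF_SIZE];
    size_t len = copy_bounded(dst, sizeof dst, src);
    int truncated = len >= sizeof dst;
    return strcmp(dst, expected) == 0 && truncated == expect_truncated;
}

int main(void) {
    const char *inputs[] = { "short", "0123456789abcdef", "0123456789abcdefghij" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char dst[BUF_SIZE];
        size_t len = copy_bounded(dst, sizeof dst, inputs[i]);
        printf("%-22s strncpy terminated: %d  bounded copy: \"%s\"%s\n",
               inputs[i], strncpy_terminates(inputs[i]), dst,
               len >= sizeof dst ? " (truncated)" : "");
    }
    return 0;
}
```

The point for a reviewer is that replacing strcpy() with strncpy() removes the write past the buffer, but any later strlen(), printf("%s") or strcat() on the unterminated result reads past it instead; a copy routine that terminates unconditionally and returns the source length lets the caller detect truncation and decide whether to reject the input.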
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970217234305.NF08438>