Date: Sat, 23 Nov 1996 08:53:48 +1100 (EST) From: Julian Assange <proff@suburbia.net> To: pst@shockwave.com (Paul Traina) Cc: cschuber@uumail.gov.bc.ca, security-officer@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Futile rexecd holes Message-ID: <199611222153.IAA13622@suburbia.net> In-Reply-To: <199611220947.BAA05167@precipice.shockwave.com> from "Paul Traina" at Nov 22, 96 01:47:27 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > After some careful analysis of the rexec/rshd "holes" mentioned in the > message, I'm convinced there are no security holes that actually need > fixing. > > Both exploits, even with tcp spoofing, give you nothing more than spoofing > directly would do. > > Thanks for the notice though, > > Paul Except you do not need root. It exploits the trust model, where it could not be exploited before. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff@gnu.ai.mit.edu | FAX +61-3-98199066 | C7F81C2AA32D7D4E4D360A2ED2098E0D | +---------------------+--------------------+----------------------------------+
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611222153.IAA13622>