getting vendors to fix security bugs
John F Haugh II
jfh at rpp386.cactus.org
Thu Feb 21 23:32:59 AEST 1991
In article <123462 at uunet.UU.NET> rbj at uunet.UU.NET (Root Boy Jim) writes:
>Has anyone done any real measurements? Has anyone actually
>successfully exploited this bug (of course I mean under test
>conditions, on your own machine, where you have root access anyway),
>or do we all just parrot this mantra: suid scripts are insecure.

I've tried measuring it and this is what I've found -

* the window is bigger on more heavily loaded systems.
* anyone can heavily load a system.
* you can fake it using "nice".

Regarding the first point, on a lightly loaded system I had trouble
exploiting the bug. But when I made the system crawl, I hit the
hole the first or second time around almost every time.
--
John F. Haugh II UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 Domain: jfh at rpp386.cactus.org
"I've never written a device driver, but I have written a device driver manual"
-- Robert Hartman, IDE Corp.