Re: Linux Buffer Overflow Security Exploits

Rogier Wolff (R.E.Wolff@BitWizard.nl)
Thu, 18 Mar 1999 08:15:36 +0100 (MET)


Matthias Urlichs wrote:
> R.E.Wolff@BitWizard.nl (Rogier Wolff) writes:
> > is a bit more comfortable than writing a program that continually
> > tries to pass illegal arguments to system calls, because when you
> > succeed, you will crash your machine many times before you have
> > an "exploit".
> >
> Umm, if you crash your machine by passing illegal values to syscalls then
> you _have_ found an exploit.

Agreed. I meant "an exploit that gives you full control over the machine".

Just crashing a machine is nice for denial of service, but if you want
to steal company secrets, full control over a machine is much more useful.

Roger.

-- 
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
*   Never blow in a cat's ear because if you do, usually after three or  *
*   four times, they will bite your lips!  And they don't let go for at  *
*   least a minute. -- Lisa Coburn, age 9
