Full Disclosure mailing list archives

RE: remote kernel exploits?


From: gml () phrick net (gml)
Date: 13 Sep 2002 14:40:31 -0500

Personally I could really care less about "0-day exploits". There are a
thousand ways to penetrate a machine that are more effective than
relying on finding that one obscure piece of code. Why doesn't anyone
ever discuss interception? People seem too bent on the latest
vulnerability. Then again, what do I know. Maybe it IS all about
"0-day".

On Fri, 2002-09-13 at 05:41, silvio () big net au wrote:
To summarize the discussion so far..

"i heard a rumour of a remote kernel exploit"
"i think i want it"
"i don't want to look at source myself or consider plausibility, because if
 someone has it, it'll show up"
"then i'll have it"

During the same dialogue..

"i heard a rumour of a remote kernel exploit"
"i need to know if the script kiddies have it"
"the script kiddies could only have gotten it from a researcher"
"if they have it, then it'll show up through defacements"
"therefore i'll have it soon enough"

Did I miss something?

Has there been one ounce of technical discussion during this?
Has anyone even googled the topic and seen discussion of kernel issues
relating to security?

I say this.. let's all be "security experts" by posting "give me exploits"
commentary to public mailing lists..

ok.. i will say something slightly on topic to compensate for this post.

re  "int len = strlen(arg)"
you don't need physical etc. memory to get arg > 2g (assuming int is 32bit).

mmap'ing(s) with a file (on many platforms i imagine) allows you access
to >2g of contiguous memory that is eventually null terminated (if desired).
but if you try to do a memset of this size, you're probably going to have
problems, since at that point your total virtual memory size (not address
space) comes into play, since it'll have to cross over to copy on write
semantics certainly.

as for passing this to argv.. E2BIG ;-)

anyway.. int strlen() is obviously incorrect, as strlen() returns size_t,
which is specified as an unsigned integer.

hey.. anyone notice that gcc 2.95 doesn't warn on using // style comments
with -pedantic option? or is it just me..

so now that everyone knows something to fix.. go fix!

It takes an expert to know an expert.. at the same time, if everyone's lying,
everyone is telling the truth!

--
Silvio
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
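Silvio's point about `int len = strlen(arg)`, as an added example that is not from the thread: `strlen()` returns `size_t`, and storing it in a 32-bit `int` truncates it, so a length of 2^31 or more comes back negative (or wraps to a small value at 2^32) and a bounds check written against that `int` accepts exactly the oversized input it was meant to reject. The lengths are fed in as numbers rather than by building a >2 GB string; the example assumes a 64-bit `size_t` (e.g. x86-64) and gcc/clang's modulo behaviour for the out-of-range conversion.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 4096   /* constructed capacity the length is checked against */

/* Vulnerable shape: the same truncation as "int len = strlen(arg)".
 * On a 64-bit size_t, 2^31 becomes INT_MIN and 2^32 becomes 0 under
 * gcc/clang's modulo conversion, so the signed comparison passes. */
int fits_int_len(size_t arg_len)
{
    int len = (int)arg_len;
    return len <= BUF_CAP;            /* negative or wrapped len "fits" */
}

/* Corrected shape: keep size_t end to end, compare unsigned to unsigned. */
int fits_size_t_len(size_t arg_len)
{
    size_t len = arg_len;
    return len <= (size_t)BUF_CAP;
}

/* Wrapper for real strings; returns 1 only when arg really fits. */
int arg_fits(const char *arg)
{
    return fits_size_t_len(strlen(arg));
}

int main(void)
{
    size_t lens[] = { 10, BUF_CAP, BUF_CAP + 1,
                      (size_t)INT_MAX + 1, (size_t)UINT_MAX + 1 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len=%zu int-check=%d size_t-check=%d\n",
               lens[i], fits_int_len(lens[i]), fits_size_t_len(lens[i]));
    return 0;
}
```

The `int` version reports that a 2 GiB argument fits in a 4 KiB buffer; the `size_t` version rejects everything above `BUF_CAP`.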