Full Disclosure mailing list archives
Re: oops
From: full-disclosure () lists netsys com (full-disclosure () lists netsys com)
Date: Tue, 27 Aug 2002 12:00:48 -0700
On Wed, 28 Aug 2002, zen-parse wrote:
oops
./xxt -i inp.xxt -k woot -d -x -o /etc/shadow
probably be better to overwrite some daemon with /bin/sh and connect, or something like that.
/me chuckles at self and rummages for O_EXCL flag

Good job, and nice "stuff". Only you weren't on my list of trash talkers. It's not quite a cryptographic reversal or an overflow exploit for some unchecked buffer, but it makes a damn good point. In a SUID situation xxt should most definitely use an exclusive open. I hereby declare you the winner of the SETUID portion of the trash talker challenge but do not dub you a trash talker. It doesn't quite fit what I originally stated, but I think it qualifies. Email me privately and I'll send you your 50 bucks. I'm a man of my word. Also I'll still offer 50 to anyone who can actually reverse the crypto.

You've taught me an important lesson, which I think is this: never resort to trash talking while dealing with trash-talkers OR never drink a couple of cranvodkas and write email to a public list. :-)

aliver
your help page is wrong about either the -u option, or the example code too..
Is it? Hmm I'll check that out. Thanks.
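The exclusive open that the reply above calls for, as an added C example (not code from xxt or from either poster). The helper name `open_output_exclusive` and the temp-directory scenario are hypothetical and constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a caller-named output file without ever touching
 * an existing object. With O_CREAT|O_EXCL, open() fails with EEXIST if the
 * path already exists, including a symlink in the final component, so
 * nothing is followed or truncated. */
int open_output_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private temp directory. Returns 0 when an
 * existing file and a symlink to it are both refused with EEXIST, the
 * existing file keeps its 7 bytes, and a fresh path is created. */
int exclusive_open_demo(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", victim[64], lnk[64], fresh[64];
    struct stat st;
    int fd, rc = 0;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/existing", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh", dir);

    fd = open(victim, O_WRONLY | O_CREAT, 0600); /* file that must survive */
    if (fd < 0 || write(fd, "secret\n", 7) != 7) rc |= 1;
    if (fd >= 0) close(fd);
    if (symlink(victim, lnk) != 0) rc |= 1;

    errno = 0;
    if (open_output_exclusive(victim) != -1 || errno != EEXIST) rc |= 2;
    errno = 0;
    if (open_output_exclusive(lnk) != -1 || errno != EEXIST) rc |= 4;
    if (stat(victim, &st) != 0 || st.st_size != 7) rc |= 8;
    fd = open_output_exclusive(fresh);
    if (fd < 0) rc |= 16; else close(fd);

    unlink(fresh); unlink(lnk); unlink(victim); rmdir(dir);
    return rc;
}
```

O_EXCL only protects objects that already exist. A set-UID program that accepts an output path from its caller should also open that path with the caller's real credentials rather than its elevated ones.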