Re: qmail exploits

[silvio () big net au (silvio () big net au)]

On Mon, Sep 16, 2002 at 09:31:20PM -0400, Nuno Fernandes wrote:
> Definition of terrorist:
> Characteristic of someone who employs terrorism (especially as a
> political weapon); "terrorist activity" n : a radical who employs terror
> as a political weapon
 
so in other words..

        "a terrorist is someone who does as a terrorist" 

?

thank you circular definitions 101.

> As per PHC's reponse:
>
> "PHC and #phrack@efnet targets only the IT security
> Industry", "PHC has no intention of harming anything else
> but the IT security industry in the name of non-disclosure".
>
> To me this is a form of conducting terrorism from a political
> standpoint.

Lets try explain the definitions of civil disobediance and a political activist?

this will be my meek attempt from my meager understanding..

policitical activism is primarily about establishing a
dialogue for political reform.  civil disobediance is a medium where a
dialogue is established through typically illegal grounds, hence requiring
that a dialogue _must_ be established in regards to disobediance.

most people who chain themselves or trees etc (whatever they do these days),
arent chaining themselves to trees to go to jail.. they are trying to
communicate a message and establish dialogue on a topic.

if the entire situation we've seen in the past months of full disclosure,
phc, gobbles, el8 and so forth..  dialogue has been the primary focus.  People
have actually spoken and tried to communicate their message, with an attempt
to make it two way conversation involving the parties involved.

is that civil disobediance, or something else ?

now terrorism definitions are so shady, but i suppose we need to look
at its roots.. cyberterrorism is an interesting phenomema, since i'm presuming
terrorism has more roots in the physical sense, than on a computer.
yes.. this predates 9/11 and even the internet!

to use a term like cyberterrorism yet at the same time be in such a legal
blackhole for associating any word with terrorism, as enough "reason" to
abolish constituational rights and the justice system as we know it, is rather
dangerous i think, dont you?

OK.. maybe something a little more technical now.

i'll see if i can remember this correctly as its been over a year since I
had to deal with this particular problem -->

any linker people can tell me what should be the correct behaviour in
the following situations?  - i really do not know the "correct" behaviour
in most of these cases, since its slightly ambiguous to say the least -->

personally.. i avoid it all, and try to give out decent namespaces ;-)

(i think this diagram may be wrong.. it has been a very long time since
this came up).

shared libraries A, B, C
executable E

E   links A
E dlopens B
          B links C

A and C share some of the same namespace for symbols.  the result for glibc
a while ago was that B would end up using the symbols from A.

so.. what happens if A is an open source library that we are required to use
for the symbols which clash.
and C happens to be a closed source propriety binaries only which we
are also required to use, for the symbols that dont clash.

binary patching is fun :)  the use of local symbols helps out here..

this one is a classic problem that is seen alot -->

shared libraries A, B
executable E
symbol M

E   links A using symbol M
E dlopens B using 'internal' symbol M

B however will use the symbol from A, ie, the "wrong" one.

consider you have a few hundred shared libraries that your working with..
you have a dozen or so main libraries also..

yah.. namespace gets important :)

oh.. yah. i've never really seen any warnings for any of this by the runtime
linker in linux etc :)

--
Silvio