Re: Lindows Issues

[H C <keydet89 () yahoo com>]

KF,

Instead of saying that Lindows "SUCKS" w/ regards to
security responses, why don't you simply follow the
widely accepted vulnerability disclosure "methodology"
and write up an advisory?


--- KF <dotslash () snosoft com> wrote:
> Yes... we found about 7 or 8 suids to be exploitable
> in the default 
> config (local only so not any real threat...I don't
> believe its supposed 
> to be multi-user really)... they were reported to
> Lindows.com. Lindows 
> is based on Xandros linux so you may find that
> auditing Xandros will 
> reveal alot about Lindows. They (Lindows) SUCK on
> security type 
> responses is all I know ... they NEVER really got
> back to me. They 
> marked my case as "Solved" after they replyed "we
> will get back with you 
> shortly"for the 2nd time.
>
> * Response (Evan)* 06/17/2002 10:15 AM
> Thank you for the email. We are working on this and
> will get back with 
> you shortly.
> * Customer (Kevin Finisterre)* 06/17/2002 10:15 AM
> I forwarded several security issues on to your staff
> and only recieved
> one reply... what is the status of these issues? *
> Question Reference #020526-000013*
>
> -KF
>  
> * Question Reference #020617-000051*
> *Contact Information: * dotslash () snosoft com
> *Date Created: * 06/17/2002 10:15 AM
> *Last Updated: * 06/24/2002 04:08 PM
> *Status: * Solved
>
>
>
> elguapo25:/home/elguapo# uname -a
> Linux elguapo25 2.2.16 #1 Tue Jul 18 16:07:55 EDT
> 2000 i686 unknown
>
> elguapo25:/home/elguapo# cat /etc/issue
> Corel LINUX 1.2 (\l)
>
> elguapo25:/home/elguapo# cat /etc/motd
> Linux elguapo25 2.2.16 #1 Tue Jul 18 16:07:55 EDT
> 2000 i686 unknown
>
> Copyright (C) 1993-1999 Software in the Public
> Interest, and others
>
> Most of the programs included with the Debian
> GNU/Linux system are
> freely redistributable; the exact distribution terms
> for each program
> are described in the individual files in /usr/doc/
> */copyright
>
> Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY,
> to the extent
> permitted by applicable law.
>
>
> elguapo25:~# /usr/games/xsok -xsokdir `perl -e
> 'print "A" x 9000'`
> Segmentation fault
>
> elguapo25:~# /usr/games/purity `perl -e 'print "A" x
> 9000'`
> Segmentation fault
>
>
> elguapo25:~# /usr/games/xgalaga -level `perl -e
> 'print "1" x 9000'`
> xgal.sndsrv: Couldn't open DSP /dev/dsp
> xgal.sndsrv: Sound not available
> Segmentation fault
>
> elguapo25:~# /usr/games/xpat2 -xpmdir `perl -e
> 'print "A" x 9000'`
> FAILED to open keyboard file
> "/usr/lib/games/xpat/C/keys"
> Segmentation fault
>
> elguapo25:~# /usr/sbin/exim -C `perl -e 'print "A" x
> 9000'`
> Segmentation fault
>
> elguapo25:~# export TZ=`perl -e 'print "A" x 9000'`
> elguapo25:~# /usr/X11R6/bin/kcmclock
> Segmentation fault
>
> -KF
>
>
> sec daddy wrote:
>
> > Has anyone done research on the security of
> Lindows? 
> > There appear to be application level exploits with
> MS
> > programs that run on Lindows, consistent with
> Windows.
> > I'm more curious about O/S level exploits.
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Autos - Get free new car price quotes
> > http://autos.yahoo.com


__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com