Re: Red Hat 9: free tickets

From: Carlos Villegas (villegas_at_math.gatech.edu)
Date: 07/02/03

  • Next message: Michal Zalewski: "Re: Red Hat 9: free tickets"
    Date: Wed, 2 Jul 2003 17:07:29 -0400
    To: Michal Zalewski <lcamtuf@ghettot.org>
    
    

    This way of attack seems useless to me. This is also used on RH 8.0
    systems, and for both 8.0 and 9 systems:

    drwx------ 4 root root 4096 Jun 27 08:43 /var/run/sudo

    Which means that if the packages are properly built (and will make sure
    that this directory gets this permissions if it existed before the
    rpm is installed), this attack will gain you nothing, since you need
    to be root to exploit it. If you can get root access to make this
    attack possible, then you might as well launch a shell instead.

    Carlos


  • Next message: Michal Zalewski: "Re: Red Hat 9: free tickets"

    Relevant Pages

    • [Full-Disclosure] Hacking competitions at RootWars.org
      ... Each team will be given root access on a default install of Linux, ... access to my exploit FTP Server. ... target IP addresses, and a username/password for each target IP ... are not allowed to attack other teams in any way. ...
      (Full-Disclosure)
    • Re: Attacking Linux
      ... I would go for a dictionary attack on ssh. ... I can't remember if RH9 allowed root access by default. ...
      (comp.os.linux.misc)
    • Re: [opensuse] Coordinated, distributed ssh attacks?
      ... On Sat, Oct 3, 2009 at 4:07 PM, Carlos E. R. ... The bad guys collaborate somehow to attack us. ... openSUSE -- http://en.opensuse.org/User:Terrorpup ... twitter -- terrorpup ...
      (SuSE)
    • Re: depth perception
      ... very short necks can't, and I've never seen long-necked ones do it. ... Target or threat ranging by head motion is virtually useless beyond ... predator on the planet is *blind* during its attack. ...
      (rec.birds)
    • Re: Billions of dollars for nothing
      ... fairwater@xxxxxxxxx made the phosphor on my monitor glow ... but decoys and other counter-defensive systems are ... regardless of the scale of the attack, is useless. ...
      (sci.space.policy)