Re: Sysmask security challenge: useful or not?
From: azuredu (xiao_at_unice.fr)
Date: 22 Apr 2005 05:07:26 -0700
It is true that tests using ls and cat don't prove anything and are
useless. However, I don't think you are ready to accept my following
claim, at least without first testing with ls and cat. It is true that
I should have put some more warnings somewhere, but nowadays who is
reading the help pages before typing into the textarea?
I claim that the challenge can be broken only in one of the following
1. A stupid bug in the sysmask package. I found one on the first day of
the challenge, which however did not let people get the unreadable
file; no more have popped up thereafter.
By the way, the bug is not yet fixed in the public site, but will be
within a few days.
2. A nasty bug in the kernel, leading to a privilege elevation. Way
more nasty than the recent ones behind sys_uselib() and sys_futex().
What is the probability of such a bug?
So, the sysmask bug put aside, the challenge is hopeless if you don't have a
privilege elevation which you know how to exploit. All this is well
explained in the documentation; but who is ready to believe such a
claim without first having tried some ls and cat? And even having tried?
It is true that many utilities are missing in the environment. But the
first motive is to save space, as everything should go onto a CD.
Anyway I'd better leave it this way, for otherwise people would have
more useless things to play with and would waste more time.