Re: Sysmask security challenge: useful or not?

From: Barton L. Phillips (bartonphillips_at_sbcglobal.net)
Date: 04/22/05


Date: Fri, 22 Apr 2005 21:26:07 GMT

azuredu wrote:
> It is true that tests using ls and cat don't prove anything and are
> useless. However, I don't think you are ready to accept my following
> claim, at least without first testing with ls and cat. It is true that
> I should have put some more warnings somewhere, but nowadays who is
> reading the help pages before typing into the textarea?
>
> I claim that the challenge can be broken only in one of the following
> two cases.
>
> 1. A stupid bug in the sysmask package. I found one on the first day of
> the challenge, which however did not let people get the unreadable
> file; no more have popped up thereafter.
>
> By the way, the bug is not yet fixed in the public site, but will be
> within a few days.
>
> 2. A nasty bug in the kernel, leading to a privilege elevation. Way
> more nasty than the recent ones behind sys_uselib() and sys_futex().
> What is the probability of such a bug?
>
> So sysmask bug put aside, the challenge is hopeless if you don't have a
> privilege elevation which you know how to exploit. All this is well
> explained in the documentation; but who is ready to believe such a
> claim without first trying some ls and cat? And even having tried?
>
> It is true that many utilities are missing in the environment. But the
> first motive is to save place, as everything should go into a cd.
> Anyway I'd better leave it this way, for otherwise people would have
> more useless things to play with and would waste more time.
>
It seems to me the "challenge" would be more interesting if I could
telnet into the system. Doing everything via a web form is not very
informative or interesting. In fact, how do I know there is even a system
behind the form? I could do everything in a PHP script and say it is the
output of a secure system.