Re: Public disclosure of discovered vulnerabilities

From: Peter Fairbrother (zenadsl6186_at_zen.co.uk)
Date: 06/09/05


Date: Thu, 09 Jun 2005 07:52:02 +0100

obie wrote:

>
> David Wagner wrote:
>> In today's commodity
>> systems, the wall between root and non-root processes is a sieve.
>> If you can get access to a non-root account on a Unix or Windows machine
>> (for instance), you can usually get access to root, too. While it is
>> probably possible to configure machines to prevent nonroot->root privilege
>> escalation without impacting usability, this seems to be highly non-trivial
>> and today's systems don't seem to meet this bar.
>
> Are you aware of a way to do this on the base install of OpenBSD?

I am (just for the sake of argument).

But the way I got people to change the base install when they use my
software (Apache), after they had closed the "only hole" (HA!) was extra
super-duper brilliant!

And then to get the change into the base install - how smoooth was THAT?
 
> I'm under the impression that a bug report on this would get attention,
> but if I am wrong, I would be quite interested in being corrected.

I ain't reporting any bug to no-one - if I did Theo would close it, the bum.
I make a zillion $$$ per second because of the bug (actually only about 5
million per year, greed is good but it should be restrained when it
conflicts with the continuing influx of money), and I have no inclination to
tell anyone about it.

This is of course all lies. Really. I never had anything to do with any of
that, it all didn't happen without my knowing about it. Theo is not my
bum-boy, and Ben is not my Bill. I did not tell you anything at all about
it, and therefore I do not have to kill you ...

there was a point to this, but that was _way_ back then ...

-- 
Peter Fairbrother
Closing my eyes
I see him so clear
The blood on his sword
Flashes so bright as it
Falls to the skulls by his feet
But his eyes they know all things
His eyes they know all
There is no blood
No-one knows all my child
You must stop imagining all this
You must stop imagining all this
For your own good 
Why don't you go with the rest and play downstairs

