Linux Today: Linux News On Internet Time.


Linux Magazine: Unix Security Holes

Jul 15, 2000, 15:41
(Other stories by Paul)



"The hottest trend these days in network intrusion is to exploit buffer overruns, a technique whereby you feed a program more data than it has allocated, overwriting the memory in the hope of making the program do something it would normally never do. It's an interesting technique but just one of many available in the arsenal of today's intruders. In the interest of feeding the media blitz about Internet security, this month's column features a walk through some of the more innovative and interesting security holes that we've come across in the past few years."

"LD_PRELOAD on setuid Binaries... LD_PRELOAD Through Telnet... Sun's /dev/audio Bug... chfn CR Bug... ps Solaris /tmp Permissions Bug... SGI colorview Bug..."

"So what have we learned from all of this? Well, if there's one thing that our brief jaunt through Unix history has taught us, it's that we should very carefully scrutinize any program that runs with special privileges. And as the /dev/audio bug demonstrates, even if you think you know everything about security, something else is waiting just around the corner."
