buffer overruns was Re: FW: SECURITY WATCH

brent harding bharding at greenbaynet.com
Fri Jun 30 17:01:13 EDT 2000


So just as me running a buggy program as a normal user, I could find myself
in a root shell? I get messages from my logs suggesting that the klogd
daemon gets terminated and loaded. I received it yesterday and today. I get
a lot of junk about ppp errors when the link goes down under unusual system
behavior. Is there a way of telling how the klogd process seems to restart
itself? I installed syslog-ng last night, don't know what that does, but it
might be an update, but I got the message in today's log check. I set up
the Debian package logcheck that alerts the root account to unusual
activity. Most of it appears from the console, so it's probably what I did
when I typed the password fast and mistyped it several times. Does it
always say from tty1 no matter who initiated that? The logging shouldn't
stop and restart, unless logcheck stops it to analyze it so no more data
comes in while it's working. Apparently it runs with anacron in
/etc/cron.daily.
At 01:06 PM 6/30/00 -0500, you wrote:
>A buffer overrun occurs during input of data. The program requests some
>information which is then passed to a variable. But if the variable is not
>designed to contain as much data as is attempted to place into it, it runs
>out the end and can cover memory that was for other things. This could in
>some cases allow the excess to become executing code. Mostly it causes the
>program (and sometimes system) to crash.
>
>On a Unix system (including Linux and other variants) if this happens with
>a program that runs as root, then the person who caused the problem may
>end up in a shell with the access from the program (or root).
>
>But, most of these security holes have been patched because the source is
>available and people go looking for such possibilities. Understand that
>some of the holes that are published are theoretical. Nobody has actually
>made it to root access. The code just suggests that it could be
>done. Then, when you have a proprietary system, the same hole may show up
>in the next version. Not that I would point out any MSlop flaws mind you.
>
>-- 
>Kirk Wood
>Cpt.Kirk at 1tree.net
>------------------
>
>Seek simplicity -- and distrust it.
>		Alfred North Whitehead
>
>
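
Added example, not part of the original messages: a small C program showing the overrun described in the quoted explanation, where input larger than the variable meant to hold it spills into the memory next to it, beside a length-checked version that refuses the input. The `record` struct, its `privileged` field and the function names are constructed for illustration; the unchecked write is confined to the struct's own storage so the demonstration stays well-defined.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8

/* Constructed record: a fixed-size input field followed by unrelated data. */
struct record {
    char name[NAME_LEN];   /* the variable the input is placed into */
    int  privileged;       /* "memory that was for other things" */
};

/* Unchecked copy, as in the overrun described above. The write is capped at
 * the size of the whole record, so the excess lands in `privileged` and
 * nowhere else. Real unchecked code has no such cap. */
void store_unchecked(struct record *r, const char *in, size_t len)
{
    if (len > sizeof *r)
        len = sizeof *r;
    memcpy((unsigned char *)r, in, len);
}

/* Checked copy: rejects input that does not fit, leaving the record intact. */
int store_checked(struct record *r, const char *in, size_t len)
{
    if (len >= NAME_LEN)
        return -1;
    memcpy(r->name, in, len);
    r->name[len] = '\0';
    return 0;
}

/* Returns 1 if storing the input changed the field next to the buffer. */
int adjacent_field_changed(int checked, const char *in, size_t len)
{
    struct record r;
    memset(&r, 0, sizeof r);
    if (checked)
        store_checked(&r, in, len);
    else
        store_unchecked(&r, in, len);
    return r.privileged != 0;
}

int main(void)
{
    const char input[] = "AAAAAAAAAAAAAAAA"; /* constructed: 16 bytes, field holds 8 */
    printf("unchecked: changed=%d  checked: changed=%d\n",
           adjacent_field_changed(0, input, 16), adjacent_field_changed(1, input, 16));
    return 0;
}
```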




