RedHat: Buffer Overflow in "ls" and "mkdir"

Paul Robinson paul at iconoplex.co.uk
Mon Oct 25 05:58:59 PDT 2004


On Mon, Oct 25, 2004 at 01:40:50PM +0200, Martin Welk wrote:

> Well, this might be the reason why Linux will never be able to get through
> into a mass market... You even have to install your viruses and worms
> manually.

This came up today as well:

http://www.theregister.co.uk/2004/10/25/mac_rootkit_opener/

But the Reg, being the Reg, still stand firm:

http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/

Thing about OS security, is that I think market penetration does make a
difference. There hasn't been a hole announced in Plan 9 or QNX in,
well, years, but if either had > 10% penetration in the Internet, I
think you'd start to see more and more attacks. It's exactly what
happened to NT4 - for ages considered secure until people started
installing it and then the holes just opened up for all to see.

I don't know whether I have told this list before, but I used to work
with a guy who was doing penetration tests and auditing code for the
company I was at. He claimed that nobody had ever really taken a close
look at VMS from a security point of view due to market penetration, so
whilst Compaq were claiming it to be the most secure OS on the planet,
he was able to use exploits that would have worked against BSD boxes 10
years ago. Unbelievable stuff. He did announce some, they were mostly
holes in the TCP/IP stack add-on most sites were using.

Just out of curiosity, are the security patch-ups being committed over
at OpenBSD still finding their way over here? I haven't been watching
much for the last 12 months.

-- 
Paul Robinson

http://www.iconoplex.co.uk/ 
"All I know is I'm not a Marxist" - Karl Marx


More information about the freebsd-chat mailing list