RedHat: Buffer Overflow in "ls" and "mkdir"

Josh Ōckert torstenvl at gmail.com
Mon Oct 25 09:52:09 PDT 2004


On Mon, 25 Oct 2004 13:58:59 +0100, Paul Robinson <paul at iconoplex.co.uk> wrote:
> On Mon, Oct 25, 2004 at 01:40:50PM +0200, Martin Welk wrote:
> 
> > Well, this might be the reason why Linux will never be able to get through
> > into a mass market... You even have to install your viruses and worms
> > manually.
> 
> This came up today as well:
> 
> http://www.theregister.co.uk/2004/10/25/mac_rootkit_opener/
> 
> But the Reg, being the Reg, still stand firm:
> 
> http://www.theregister.co.uk/2004/10/22/linux_v_windows_security/
> 
> Thing about OS security, is that I think market penetration does make a
> difference. There hasn't been a hole announced in Plan 9 or QNX in,
> well, years, but if either had > 10% penetration in the Internet, I
> think you'd start to see more and more attacks. It's exactly what
> happened to NT4 - for ages considered secure until people started
> installing it and then the holes just opened up for all to see.
> 
> I don't know whether I have told this list before, but I used to work
> with a guy who was doing penetration tests and auditing code for the
> company I was at. He claimed that nobody had ever really taken a close
> look at VMS from a security point of view due to market penetration, so
> whilst Compaq were claiming it to be the most secure OS on the planet,
> he was able to use exploits that would have worked against BSD boxes 10
> years ago. Unbelievable stuff. He did announce some, they were mostly
> holes in the TCP/IP stack addon most sites were using.
> 
> Just out of curiosity, are the security patch-ups being committed over
> at OpenBSD still finding their way over here? I haven't been watching
> much for the last 12 months.
> 
> --
> Paul Robinson
> 
> http://www.iconoplex.co.uk/
> "All I know is I'm not a Marxist" - Karl Marx

Woman: "In further news, the Canadian Prime Minister is subscribed to
FreeBSD-chat mailing list.  Here's the report from our field
correspondent and eye witness, Josh Ockert*"

Josh: "Yes, ma'am, well, I opened up my beta GMail (that's Google's
new e-mail service) inbox this morning to see a new message about the
fake RedHat malware, and in the from was written 'Martin, Paul'. I
knew right then that he must be a closet liberal, engaged in
open-source activities. This came as a shock to me, as both
http://pm.gc.ca/ and http://www.conservative.ca/ run Windows 2000, as
does the Liberal Party's website, whereas only the New Democratic
Party's website used to run Linux and now runs on FreeBSD (for those
who would really like to know, the Bloc Québécois website also uses
Windows 2000). Is Paul Martin endorsing the NDP?"

Woman: "Wow, that *is* interesting, Josh!"

Woman: "Tonight we have a special report on the progress of the
Brazilian space program..."


* Disclaimer: Josh Ockert is not officially a Canadian, just an
American who was born far enough north in the state of Michigan to
have some sense about him.

Further disclaimer: IT'S A JOKE

