Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.internals
Subject: Re: getting vendors to fix security bugs
Message-ID: <19066@rpp386.cactus.org>
Date: 21 Feb 91 12:32:59 GMT
References: <15236@smoke.brl.mil> <123382@uunet.UU.NET> <1991Feb20.004811.28521@convex.com> <123462@uunet.UU.NET>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cafe and BBS Service
Lines: 20
X-Clever-Slogan: Recycle or Die.

In article <123462@uunet.UU.NET> rbj@uunet.UU.NET (Root Boy Jim) writes:
>Has anyone done any real measurements? Has anyone actually
>successfully exploited this bug (of course I mean under test
>conditions, on your own machine, where you have root access anyway),
>or do we all just parrot this mantra: suid scripts are insecure.

I've tried measuring it and this is what I've found -

  * the window is bigger on more heavily loaded systems.
  * anyone can heavily load a system.
  * you can fake it using "nice".

Regarding the first point, on a lightly loaded system I had trouble
exploiting the bug. But when I made the system crawl, I hit the hole
the first or second time around almost every time.
--
John F. Haugh II        UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 Domain: jfh@rpp386.cactus.org
"I've never written a device driver, but I have written a device driver manual"
                -- Robert Hartman, IDE Corp.