Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!hellgate.utah.edu!caen!uakari.primate.wisc.edu!crdgw1!rpi!uupsi!sunic!dkuug!diku!thorinn
From: thorinn@diku.dk (Lars Henrik Mathiesen)
Newsgroups: comp.unix.wizards
Subject: Re: getting vendors to fix security bugs
Message-ID: <1991Feb21.200116.28231@odin.diku.dk>
Date: 21 Feb 91 20:01:16 GMT
References: <15236@smoke.brl.mil> <123382@uunet.UU.NET> <1991Feb20.004811.28521@convex.com> <123462@uunet.UU.NET>
Sender: news@odin.diku.dk (Netnews System)
Organization: Department of Computer Science, U of Copenhagen
Lines: 22

rbj@uunet.UU.NET (Root Boy Jim) writes:

>BTW, what are the chances of hitting the window on the suid scripts?
>By that I mean, suppose I have the perfect program to exploit it,
>which I've just compiled on a system where a suid script and the
>perfect conditions to exploit it exist. Isn't it true that
>(1) I have only a very small chance of winning, and
>(2) I only get one shot?

(1) You can load the dice (widen the hole) arbitrarily, or at least up
to a user resource limit.
(2) If you miss the hole on one side, no one need ever know.

I tried it once, with the simplest implementation I could make (loaded
against hitting the window compared to the environment where an attack
would probably happen). It didn't work on an unloaded machine, but a
light load made it go through about once every seven or ten tries.
Proper implementation would make it almost certain, I think.

--
Lars Mathiesen, DIKU, U of Copenhagen, Denmark [uunet!]mcsun!diku!thorinn
Institute of Datalogy -- we're scientists, not engineers. thorinn@diku.dk