Doug Mentohl wrote:
>
>> So already the bloke who is responsible for finding true and genuine
>> flaws,
>
> If remote execution of arbitrary code isn't a genuine flaw then what is?
Have you ever looked into any of these '... can cause execution arbitray
code ...' ? Go on, try one. Make the program or services crash as noted in
the texts of the one you selected, then send the random values that might
or might not be interpretted as code. Then try to send only actual code,
pcode or assembled depending on the service you are after breaking through.
You wont have to play for long before you see that although they is a risk
and any risk has to be looked at, it is extremely unlikely to be a serious
risk. Ok, the arbitrary nature means that one in {some large number} might
actually get the timing spot on, breaking the system at the right place in
some sequence and then might be able to pour code into a machine like water
into a bucket. But even trying that manually was extremely difficult to get
the code in at the right place after the break, it's no use just piling
ints in in the hope that some will be interpretted as assembler, you are
still in lottery territory. I suspect that any hacker would want a much
better way in than that, the very act of trying to get in that way brings
attention to itself with the service spitting and snarling into it's logs
about the crap you are sending it before you eventually get the sequence
right.
That is almost as true for Linux as it is for MS, there is of cause a big
difference. But still a lot of the Linux vulnerabilities have been of the
form 'It you do {this unusual thing} when you are set up in {this unusual
or bad way} then you make yourself vulnerable to the lottery code injection
brigade, see logs to see if you won.
|
|
