[H-GEN] Debian v Mandrake
Anthony Towns
aj at azure.humbug.org.au
Wed Mar 20 23:22:11 EST 2002
On Thu, Mar 21, 2002 at 01:37:07PM +1000, Bradley Marshall wrote:
> On Thu, 21 Mar 2002, Raymond Smith wrote:
> > All operating systems connected to a public
> > network will experience attacks, some of which are crafted for the
> > operating system.
> .. and most of which are application specific. Its been
> quite a while since I've seen something for *nix that
> specifically targetted an OS, rather an an application.
Hrm? The flaws are application specific, but don't most of the exploits
need to be specific to the kernel ABI as well, so they can, eg, call
exec("/bin/sh") ? I could believe that stack layout and such is common
enough across OSes on the same architecture, but I'd've thought the
entry points to useful functionality wouldn't be.
This applies to buffer overflows and the like, not out and out bugs like
having PAM not bother to check passwords, or similar, of course.
Cheers,
aj
--
Anthony Towns <aj at humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``Debian: giving you the power to shoot yourself in each
toe individually.'' -- with kudos to Greg Lehey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 350 bytes
Desc: not available
URL: <http://lists.humbug.org.au/pipermail/general/attachments/20020321/88fd855f/attachment.sig>
More information about the General
mailing list