[8837] in bugtraq
Re: Merry Christmas to Sun! (Was: L0pht NFR N-Code Modules
daemon@ATHENA.MIT.EDU (Scott D. Yelich)
Sat Dec 26 15:35:03 1998
Date: Thu, 24 Dec 1998 18:34:16 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "Scott D. Yelich" <scott@SPY.ORG>
To: BUGTRAQ@NETSPACE.ORG
> FYI, I filed bug #4199722 in Sun's bugs database.
> I'd love it if someone did the "SPARC exercise". (If you have an
> x86 exploit, it's not always as easy to make a SPARC one)
> Casper
Sorry to waste bandwidth with snivelling... but it always seems to
me that the "exercise for the reader" means "I don't know how to
do it, perhaps someone else might do it," or worse in "I think
this might be possible, but I'm really not able to prove it."
Sometimes it's a bit annoying when people are talking about
theoretical bugs/exploits and something is said like
``it should be possible to do blah or blah'' -- sure, it's
possible that anything has a bug or an exploit, it's possible
to break DES, and it's possible to blah to and blah, etc., but
IMnsHO, it seems to do little good until someone is going to lose
money over the situation.
It's also interesting to note that it seems that the exercises
for the reader from a long time ago are finally being turned into
exploits or executable/provable examples which, in turn, seems to be
leading to things getting fixed. It's as if, when there isn't proof
or an exploit, the issue is simply ignored.
It's amazing to see how many exploits are coming out for Linux
that are the same as exploits for other platforms from long ago,
or ones that are based on things that should have been learned
a long time ago. I think it's kind of a shame that each/an OS
has to suffer this way while becoming popular and populous.
Scott