Re: Backport of the integer overflow in the brk system call

On Thu, Dec 04, 2003 at 06:13:49PM -0500, Matt Zimmerman wrote:
> Not really; he just has to set things up ahead of time. This is like
> claiming the attacker has to be present in order to sniff your password from
> a telnet session (he doesn't; he just has to have been around at any time
> before then in order to set up a sniffer).

That's totally true. It's not the way this attack happened though.
All I know is it's a layer and experts say layered defense is best.
I still think it would discourage the cracker. A lot of the "open a
netcat over the exposed pipe" tricks wouldn't work iff the smartcard
auth stack wasn't compromised -- the netcat couldn't get auth'd, and the
server wouldn't buy it. The problem now is a pipe is a pipe.
Just rambling... I'm sure there's tons of holes in what I just said.