[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Backport of the integer overflow in the brk system call

On Thu, Dec 04, 2003 at 06:13:49PM -0500, Matt Zimmerman wrote:
> Not really; he just has to set things up ahead of time.  This is like
> claiming the attacker has to be present in order to sniff your password from
> a telnet session (he doesn't; he just has to have been around at any time
> before then in order to set up a sniffer).

That's totally true.  It's not the way this attack happened though.
All I know is it's a layer and experts say layered defense is best.
I still think it would discourage the cracker.  A lot of the "open a 
netcat over the exposed pipe" tricks wouldn't work iff the smartcard 
auth stack wasn't compromised -- the netcat couldn't get auth'd, and the 
server wouldn't buy it.  The problem now is a pipe is a pipe.

Just rambling... I'm sure there's tons of holes in what I just said.

Reply to: