Re: Results of environment variable fuzzing Debian 5.05 SUID/SGIDs
On Tue Jan 18, 2011 at 22:25:20 +1100, Silvio Cesare wrote:
> This kind of testing is good for Debian security and provides some comfort
> to me at least knowing this class of vulnerability has been tested for
> against the privileged programs in the Debian repository.
Agreed.
I started doing the same thing a few years ago, and it was very
useful.
However, to make your reports more thorough it is important to look
at the source of the code to see if the crash is an exploitable one
or not. Ideally you'd include that information in any bug
reports you submitted.
Steve
--
http://www.steve.org.uk/