On Wed, Feb 14, 2001 at 12:21:14PM +0100, Robert Varga wrote: > On Mon, Feb 12, 2001 at 03:46:20PM -0800, Blake R. Swopes wrote: > > Considering what overflows the buffer (your username), it would seem that > > you'd need root access to begin with in order to craft an exploit. Am I > > wrong? > > Well this could be used to gain root privileges on free shell-account > servers, which don't do the proper bounds checking and the registration > process is fully automated... On my RedHat 7.0 box, you can add a username longer than 20 characters using standard tools: # useradd Arnold.Schwarzenegger # su - Arnold.Schwarzenegger [Arnold.Schwarzenegger@thales Arnold.Schwarzenegger]$ crontab -e Segmentation fault I think this example negates many of the arguments in this thread, does not it? Mate --- Mate Wierdl | Dept. of Math. Sciences | University of Memphis
- vixie cron possible local root compromise Flatline
- Re: vixie cron possible local root comp... Peter van Dijk
- Re: vixie cron possible local root comp... Blake R. Swopes
- Re: vixie cron possible local root ... Robert Varga
- Re: vixie cron possible local r... Arthur Clune
- Re: vixie cron possible loc... Peter W
- Re: vixie cron possibl... Flavio Veloso
- Re: vixie cron possible local r... Mate Wierdl
- Re: vixie cron possible local root comp... Valentin Nechayev
- Re: vixie cron possible local root comp... gabriel rosenkoetter
- Re: vixie cron possible local root ... Rodrigo Barbosa (aka morcego)
- (CORRECTION) Re: vixie cron pos... Rodrigo Barbosa (aka morcego)
- Re: vixie cron possible local r... Valdis Kletnieks
- Re: vixie cron possible loc... Juergen P. Meier
- Re: vixie cron possible local r... Nelson Brito
- Re: vixie cron possible local root ... Alan DeKok
- Re: vixie cron possible local r... gabriel rosenkoetter
- Re: vixie cron possible loc... Robert Bihlmeyer
