On 11/18/2009 02:29 PM, Richard Hughes wrote:
> 2009/11/18 nodata <l...@nodata.co.uk>:
>> You install software with a known buffer overflow before it is fixed and
>> exploit it. More software = more chances to exploit. Bingo!
> 
> Why would the additional package start extra services? I thought there
> were guidelines about that. Anyway, if the user has physical access to
> the machine, there are many quicker ways to root the box in question.
> (Like rebooting, and using grub to go to runlevel 1)
> 
> Richard.
> 

What if they don't? The mechanisms by which we are detecting and proving 
physical access are easily circumvented. If the buffer overflow allows 
arbitrary code execution, you need only an "open(/dev/console, ...)" to fool a 
lot of these mechanisms. Just because a program is interactive on a console 
does not mean that that's the /only/ place it's being controlled from.

--CJD

-- 
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
