On Mon 2014-10-27 11:11:53, Geert Uytterhoeven wrote:
> On Mon, Oct 27, 2014 at 10:56 AM, Pavel Machek wrote:
> > On Wed 2014-10-22 16:43:10, Kees Cook wrote:
> >> On Wed, Oct 22, 2014 at 4:26 PM, Andrew Morton
> >> wrote:
> >> > On Tue, 21 Oct 2014 13:21:37 -0700 Kees Cook
> >> > wrote:
> >> >
On Mon, Oct 27, 2014 at 10:56 AM, Pavel Machek wrote:
> On Wed 2014-10-22 16:43:10, Kees Cook wrote:
>> On Wed, Oct 22, 2014 at 4:26 PM, Andrew Morton
>> wrote:
>> > On Tue, 21 Oct 2014 13:21:37 -0700 Kees Cook wrote:
>> >
>> >> From: Paul Wise
>> >>
>> >> This partially mitigates a common stra
On Wed 2014-10-22 16:43:10, Kees Cook wrote:
> On Wed, Oct 22, 2014 at 4:26 PM, Andrew Morton
> wrote:
> > On Tue, 21 Oct 2014 13:21:37 -0700 Kees Cook wrote:
> >
> >> From: Paul Wise
> >>
> >> This partially mitigates a common strategy used by attackers for hiding
> >> the full contents of stri
On Thu, Oct 23, 2014 at 11:23 AM, Andrew Morton
wrote:
> On Thu, 23 Oct 2014 09:39:09 -0700 Kees Cook wrote:
>
>> > I wonder if the chances of damage would be lower if we were to continue
>> > to accept the \r, but turn it into something else ("\r"?) when it is
>> > read.
>>
>> I think that would
On Thu, 23 Oct 2014 09:39:09 -0700 Kees Cook wrote:
> > I wonder if the chances of damage would be lower if we were to continue
> > to accept the \r, but turn it into something else ("\r"?) when it is
> > read.
>
> I think that would complicate things more than help them.
Why.
> If there's a
>
On Wed, Oct 22, 2014 at 7:00 PM, Andrew Morton
wrote:
> On Wed, 22 Oct 2014 16:43:10 -0700 Kees Cook wrote:
>
>> On Wed, Oct 22, 2014 at 4:26 PM, Andrew Morton
>> wrote:
>> > On Tue, 21 Oct 2014 13:21:37 -0700 Kees Cook wrote:
>> >
>> >> From: Paul Wise
>> >>
>> >> This partially mitigates a c
On Wed, 22 Oct 2014 16:43:10 -0700 Kees Cook wrote:
> On Wed, Oct 22, 2014 at 4:26 PM, Andrew Morton
> wrote:
> > On Tue, 21 Oct 2014 13:21:37 -0700 Kees Cook wrote:
> >
> >> From: Paul Wise
> >>
> >> This partially mitigates a common strategy used by attackers for hiding
> >> the full content
On Wed, Oct 22, 2014 at 4:26 PM, Andrew Morton
wrote:
> On Tue, 21 Oct 2014 13:21:37 -0700 Kees Cook wrote:
>
>> From: Paul Wise
>>
>> This partially mitigates a common strategy used by attackers for hiding
>> the full contents of strings in procfs from naive sysadmins who use cat,
>> more or sy
On Tue, 21 Oct 2014 13:21:37 -0700 Kees Cook wrote:
> From: Paul Wise
>
> This partially mitigates a common strategy used by attackers for hiding
> the full contents of strings in procfs from naive sysadmins who use cat,
> more or sysctl to inspect the contents of strings in procfs.
>
> ...
>
On Tue, 21 Oct 2014, Kees Cook wrote:
> From: Paul Wise
>
> This partially mitigates a common strategy used by attackers for hiding
> the full contents of strings in procfs from naive sysadmins who use cat,
> more or sysctl to inspect the contents of strings in procfs.
>
> References:
> http:/
On Tue, Oct 21, 2014 at 01:21:37PM -0700, Kees Cook wrote:
> From: Paul Wise
>
> This partially mitigates a common strategy used by attackers for hiding
> the full contents of strings in procfs from naive sysadmins who use cat,
> more or sysctl to inspect the contents of strings in procfs.
>
> R
On Tue, Oct 21, 2014 at 01:21:37PM -0700, Kees Cook wrote:
> From: Paul Wise
>
> This partially mitigates a common strategy used by attackers for hiding
> the full contents of strings in procfs from naive sysadmins who use cat,
> more or sysctl to inspect the contents of strings in procfs.
>
> R
From: Paul Wise
This partially mitigates a common strategy used by attackers for hiding
the full contents of strings in procfs from naive sysadmins who use cat,
more or sysctl to inspect the contents of strings in procfs.
References:
http://www.jakoblell.com/blog/2014/05/07/hacking-contest-hidi
13 matches
Mail list logo