[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Re: [MiNT] Security

To: mint@fishpool.com
Subject: Re: Fwd: Re: [MiNT] Security
From: Thomas Binder <gryf@hrzpub.tu-darmstadt.de>
Date: Thu, 22 Jul 1999 13:10:53 +0200
In-reply-to: <19990720190708.B333@tubul.dascon.de>; from Michael Schwingen on Tue, Jul 20, 1999 at 07:07:08PM +0200
Mail-followup-to: mint@fishpool.com
References: <199907191650.SAA00138@smtp1.casema.net> <19990720190708.B333@tubul.dascon.de>
Reply-to: gryf@hrzpub.tu-darmstadt.de
Sender: owner-mint@fishpool.com

Hi!

On Tue, Jul 20, 1999 at 07:07:08PM +0200, Michael Schwingen wrote:
> If someone gets a shell on your MiNT machine, you are in trouble anyway
> unless you have a securelevel-protected setup

Even in a securelevel-protected setup, there's still the possibility to
write to supervisor protected memory (e.g. kernel space) by using
Fread() to this memory. With a bit of knowlegde, a clever combination of
Fread()/Fwrite() can change the user IDs of your process - duh. This
isn't fixed easily, as it would either involve a lot of rewrites, or a
performance loss for all functions returning data into a user-supplied
buffer (where only the latter possibility will also help for machines
without memory protection).

Ciao

Thomas

-- 
Thomas Binder (Gryf @ IRCNet)  gryf@hrzpub.tu-darmstadt.de
PGP-key available on request!  binder@rbg.informatik.tu-darmstadt.de
Vote against SPAM:             http://www.politik-digital.de/spam/

Attachment: pgp6PJgBTHnFv.pgp
Description: PGP signature

References:
- Fwd: Re: [MiNT] Security
  - From: nut@casema.net (Barry Schut)
- Re: Fwd: Re: [MiNT] Security
  - From: Michael Schwingen <rincewind@discworld.dascon.de>

Prev by Date: Re: [MiNT] MiNT-Net 1.04 available
Next by Date: Re: [MiNT] MiNT-Net 1.04 available
Previous by thread: Re: Fwd: Re: [MiNT] Security
Next by thread: [MiNT] Mint Structure Chart
Index(es):
- Date
- Thread