[CentOS] local root exploit
Matthew Miller
mattdm at mattdm.orgTue Feb 12 01:20:11 UTC 2008
- Previous message: [CentOS] local root exploit
- Next message: [CentOS] local root exploit
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Feb 11, 2008 at 06:00:14PM -0500, Ross S. W. Walker wrote: > > > I wonder if any existing user-land utilities have hooks into > > > vmsplice that may be able to be accessed via PHP, Perl, or CGI? > > It's a system call. > Yes, but conceivable an application can make use of such a system > call since it is exploitable from user land and hence the concern. Well, the point is there's nothing wrong with the system call *inherently*. There's just a flaw in its implementation which a carefully-crafted program can exploit. A program which just happens to use the system call as it is intended to be used isn't any more dangerous than any other code. -- Matthew Miller mattdm at mattdm.org <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/>
- Previous message: [CentOS] local root exploit
- Next message: [CentOS] local root exploit
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list