Full Disclosure
mailing list archives
RE: April 1st is here (joy). now improved
From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Thu, 1 Apr 2004 15:43:24 +0200
I think this posting shows the far superior way Windows prevents
security issues like this. As the name says, it does not intend to allow
you open access to the garden (which becomes even more sophisticated
once TCPA is there...).
With Windows, you obviously stay in-house and watch the carrots
through... right, a Window! So as you do not have physical access to
them, a root compromise is reliably prevented. I think this is also the
primary reason that ActiveX - by its very core design - does not require
a sandbox to be secure. Or have you ever seen a sandbox inside a house?
As you can see, openness has its disadvantages ;)
Rainer
Well if we are into folly anyway :-)
FEAR!FEAR!FEAR!********!ADVISORY!***********FEAR!FEAR!FEAR!
Security Advisory No 0x454564af
We have discovered a serious security hole after OpenBSD 3.4 default
install!
After successful installation, we proceeded to the garden. There we
grabbed a carrot and pulled firmly. And whoa, instant root access! We
never thought it would be this easy. Really, these sorts of incidents
should be prevented.
Due to the very serious nature of this bug, we will not disclose PoC at
this time, esp because the root has already been consumed.
For details visit our homepage
http://www.iamanidiot.com/
******************************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html