finger
Martin 'Goran' Moravec
goran na ucw.cz
Středa Srpen 22 12:45:07 CEST 2001
> : Ahoj,
>
> : nevite jak moc nebezpecne je pouzivat na serveru sluzbu finger?
>
> Co to znamena "nebezpecne" ?
> Pokial fingerd bezi ako ne-root s obmedzenymi resourcami, nevidim
> sposob preco by to malo byt nebezpecne
a co paranoia :-)
ale vazne
pokud nekdo prez cfingerd (kde byl nedavno exploit) ziska prava pro uzivatele nobody.
dokaze natropit peknou neplechu.
treba si pritahnout do /tmp nejakej local root exploit a spustit
nebo alespon ziskat o servru pomerne dost informaci na jiny utok.
--
--
A novice was trying to fix a broken lisp machine by turning the
power off and on. Knight, seeing what the student was doing spoke sternly,
"You cannot fix a machine by just power-cycling it with no understanding
of what is going wrong." Knight turned the machine off and on. The
machine worked.
-- Just another from of life
Goran
Další informace o konferenci Linux