Do you trust that guy to be able to accurately report on what he's done? I certainly don't.
Anyway, if you want benchmarks, why aren't you looking at www.spec.org?
Oh yeah, because Apple have had a hissy fit and don't submit any results any more.
YAW.
"Slashdot's reformatting makes it a PITA"
Then complain to slashdot.
http://groups.google.com/groups?q=duck+quack+group:alt.folklore.*+author:rees&hl=en&lr=&ie=UTF-8&selm=6b6b4da6.0308281728.3653b272%40posting.google.com&rnum=1
Summary:
a duck's echo sounds very much like the original quack (distribution of frequencies), and thus is hard to distinguish from the original sound. Also ducks' typical environments (plants, absorbing most sound) means that the echo is quiet. Therefore it's very hard to actually hear a distinct echo from a duck in its natural environment.
You can _contrive_ a situation where you can hear the echo trivially, though.
YAW.
Avoiding zeroes is child's play.
What's more interesting is how to avoid any non-alphanumeric characters. The x86 ISA permits xor, inc/dec, push/pop, and can be used to create (on the fly) any sequence of bytes, which can then be jumped to (so you don't do your computations in this restricted instruction set, you simply build the real program using it).
I have no idea whether any RISC architectures can avoid non-alphanumeric characters in the opcodes.
If they can then simply avoiding a few reserved fields should be relatively easy.
No I'm not going to try, the x86 was mind-bending enough.
YAW.
Running windows NT is good enough for the largest-profit-making company in Europe. A company that also has its own internal linux distribution, which contains samba, but doesn't contain that particular pam.
So yes, really.
Of course, by 2005 NT will almost certainly have been phased out, but in 2003 it's still maintained. In particular with the downturn in the economy the replacement of OSes with more modern ones has abated somewhat.
Either way, we're talking thousands of desks presently.
YAW.
The link needed hand-editing (I just trimmed between the /technets/), but eventually I got to something like this:
...
"""
Law #1: If MS can persuade you to run its program on your computer, it's not your computer anymore.
Law #2: If MS can alter the operating system on your computer, it's not your computer anymore.
"""
Which is exactly why I don't let either of the above happen.
Nice to see them damning themselves by their own hand.
YAW.
Surely you're not suggesting that they rename the "cargo processing and intelligence centre" at Sydney International Airport to the "cargo processing and bloody idiocy centre"?
2003 - the year when the word "intelligence" became synonymous with "bloody idiocy".
YAW.
"""
Any system with samba installed will most definitely have it, or be essentially useless.
"""
Absolute nonsense.
YAW.
I run linux. I've not installed patches for any of the things on the page your sig links to. Yet I'm not vulnerable to any of them.
Could it be that it isn't actually _linux_ that's vulnerable?
i.e. if it's /vmlinuz, /bin/init, or /bin/sh, (and other things that no linux system can do without) then you might have a point, but it isn't, so you don't.
Shit, I fed the troll.
YAW.
I think you'll find that he called it "manufacturing green consent furiously", which is 4 words.
YAW.
"""
But a clever subject line does not a social engineer make
"""
If the subject line causes the recipient to do some action that achieves your aim, but otherwise without that subject line the action would not have been done, then yes, you have just done social engineering. Just because a million people fall for it doesn't mean it's not social engineering.
Sure, the whole issue is complicated by the fact that the action appears innocent (unlike reading out your username and password over the phone), and a stupid freaking MS exploit is involved that makes such trivial engineering actually effective.
YAW.
Eh?
This is nothing to do with shell programming, this is about getting _to_ a shell from within an arbitrary (exploitable) program (by exec*-ing "/bin/sh").
YAW.
So you mean this article was never written:
...
PPC shellcode
Copyright 1999 palante
?
YAW.
Precisely where was the privilege escalation in the code?
I see writes, and exec*s, but nothing that sets the (e)uid.
The only clever thing about these kinds of things is how to avoid 0x00. However, when I saw someone's Alpha stack-smash (Oh's?) about 3 years ago, I realised that any RISC was as exploitable as any other architecture. This PPC one simply loads constant 0x00pq as 0x{00+gh}{pq+ij}, and then subtracts 0xghij. Nothing novel there. The alpha was more interesting as some of the vital instructions had 0s embedded in them, so the code _had_ to self-modify.
YAW.
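Two posts above turn on the same mechanical problem: the one about alphanumeric-only x86 shellcode ("avoiding zeroes is child's play") and the PPC one about loading a constant with 0x00 bytes as a zero-free pair and subtracting. The C below is an added example, not code from either post or from the PPC article quoted; it does two things a practitioner checks before shipping a payload: audits a byte buffer against a NUL-only or alphanumeric-only filter, and generalises the PPC per-halfword trick to a whole 32-bit immediate by finding a and b with no zero bytes such that a - b == target. The sample buffer is constructed for illustration and is not shellcode from the page.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample buffer (not real shellcode from the post): a mix of
 * bytes that are alphanumeric, bytes that are merely non-NUL, and one NUL. */
static const uint8_t sample[] = {
    0x31, 0xc0, 0x50, 0x68, 0x2f, 0x2f, 0x73, 0x68,
    0x00, 0x41, 0x42, 0xcd, 0x80
};

/* Count the bytes a filter would reject. alnum_only == 0 rejects only 0x00
 * (the classic strcpy() terminator problem); alnum_only == 1 rejects anything
 * outside [0-9A-Za-z]. The offset of the first rejected byte goes to *first. */
size_t bad_byte_count(const uint8_t *buf, size_t len, int alnum_only, size_t *first)
{
    size_t bad = 0;
    for (size_t i = 0; i < len; i++) {
        int rejected = alnum_only ? !isalnum((unsigned char)buf[i]) : buf[i] == 0x00;
        if (rejected) {
            if (bad == 0 && first) *first = i;
            bad++;
        }
    }
    return bad;
}

int has_zero_byte(uint32_t v)
{
    for (int i = 0; i < 4; i++)
        if (((v >> (8 * i)) & 0xffu) == 0) return 1;
    return 0;
}

/* The PPC trick from the post, generalised to a 32-bit immediate: find a and b
 * with no zero bytes such that a - b == target (mod 2^32), so the code can
 * load a, subtract b, and never carry a 0x00 in the instruction stream.
 * b is searched over repeated-byte patterns 0xkkkkkkkk, k = 1..255. Per byte
 * position at most two values of k (carry 0 or 1) make that byte of a zero,
 * so at most 8 of the 255 candidates fail and a solution always exists. */
int zero_free_split(uint32_t target, uint32_t *a, uint32_t *b)
{
    for (uint32_t k = 1; k <= 0xffu; k++) {
        uint32_t cand_b = k * 0x01010101u;        /* no zero bytes by construction */
        uint32_t cand_a = target + cand_b;        /* wraps mod 2^32 */
        if (!has_zero_byte(cand_a)) {
            *a = cand_a;
            *b = cand_b;
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    size_t first = 0;
    size_t n = bad_byte_count(sample, sizeof sample, 0, &first);
    printf("NUL-only filter: %zu bad byte(s), first at offset %zu\n", n, first);
    n = bad_byte_count(sample, sizeof sample, 1, &first);
    printf("alphanumeric filter: %zu bad byte(s), first at offset %zu\n", n, first);

    uint32_t a, b, target = 0x0000abcdu;
    if (zero_free_split(target, &a, &b))
        printf("0x%08x == 0x%08x - 0x%08x\n", target, a, b);
    return 0;
}
```

The audit is the cheap check: run it against the finished payload under the filter the target actually applies, because a single 0x00 (or, for the alphanumeric case, a single 0x80 or '/') is enough to truncate or reject the whole thing. The split is the constructive half: on PPC the same arithmetic is done per 16-bit half with lis/addi, and the 32-bit form here drops straight into any architecture with a load-immediate and a subtract.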
If it breaks the top 5 machines, I can see some pretty unpleasant lawsuits coming, and perhaps a wave of suicide bombing.
YAW.
Bollocks, that was supposed to be man iso_8859-1. I don't know if that was /. or I who cocked up, but I do know that it ripped the ring off my Swedish O.
Phil
"""
to justify adding a function to the standard C library
"""
I'd like to see your evidence that fgets predates gets.
For some bizarre reason I don't think you have any.
YAW, who has no problem having the last word.
"Linux distros ... release two or three new point versions of their distro for every one version of Windows."
So in the time MS has done
3.0, 3.1, 3.11, WG, 95, 98, 98SE, 2000, ME, NT3.1, NT3.5, NT3.51, NT4.0, XP,
and probably some others I can't recall, Debian's got all the way up to 3.0. Shouldn't it be up to somewhere between 28.0 and 42.0 by now, going by your reckoning?
Or is Debian not a linux distribution, or something weird like that?
YAW.
"""
Of course, the programmers who created C didn't, because they created gets, which is unusable unless a buffer overflow is part of the design
"""
Bullshit. What makes you think that every piece of code that uses gets will suffer buffer overflows? Why can't a forked pair of tasks have an internal and private interface using gets? I can give you a 10 line example that you won't be able to exploit if you're really stubborn.
Of course, I'd never use it myself, I typically don't trust the coders on the other side of the interface to code themselves out of a wet paper bag, so paranoia is generally worth it.
Just because it's broken doesn't mean every usage of it causes something to break. Even broken matchsticks can be used to separate tiles when renovating your bathroom.
YAW.
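The thread above is about gets and its lack of a length argument. The C below is an added example (not the poster's 10-line example, and not code from the page): the bounded reader a practitioner substitutes for gets, written so that the one case fgets alone gets wrong, a line longer than the buffer, is reported rather than silently split into two "lines". The input is constructed inline with fmemopen so it runs offline.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() in main() */
#include <stdio.h>
#include <string.h>

/* Read one line into buf (bufsize >= 2) without ever writing past it.
 * Returns  1: a line was read (newline stripped),
 *          0: EOF with nothing read,
 *         -1: the line did not fit; the rest of it is consumed and dropped,
 *             so the stream is left at the start of the next line rather than
 *             mid-line, which is what a bare fgets() loop would give you.
 * gets() has no length at all, which is why it cannot be made safe. */
int read_line_bounded(FILE *fp, char *buf, size_t bufsize)
{
    if (bufsize < 2) return -1;
    if (fgets(buf, (int)bufsize, fp) == NULL) return 0;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return 1;
    }
    /* No newline in buf: either the line fit exactly, the file ended without
     * a newline, or the line was longer than the buffer. Peek one char. */
    int c = fgetc(fp);
    if (c == EOF || c == '\n') return 1;
    while (c != EOF && c != '\n') c = fgetc(fp);
    return -1;
}

int main(void)
{
    /* Constructed input: one short line, one over-long line, one line that
     * fills the buffer exactly, and a final line with no trailing newline. */
    const char *input = "short\nthis line is far too long for the buffer\nexact!\nlast";
    FILE *fp = fmemopen((void *)input, strlen(input), "r");
    char buf[8];
    int rc;
    while ((rc = read_line_bounded(fp, buf, sizeof buf)) != 0)
        printf("%s: \"%s\"\n", rc == 1 ? "ok      " : "too long", rc == 1 ? buf : "");
    fclose(fp);
    return 0;
}
```

The point of the -1 path is that "truncate and continue" is itself a bug class: a parser that treats the tail of an over-long line as a fresh record can be steered by whoever controls the input. Rejecting the whole line keeps the framing honest.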
I looked at that site - I run linux, I have none of those vulnerabilities. Apart from a handful of kernel vulns, those are all applications with bugs, not _linux_. phpsysinfo is _not_ linux (grabbing a random vuln off their list).
If I have a CGI script that contains the line
print `$FORM{'REQUESTED_COMMAND'}`;
or a C/C++ equivalent routine, then would you say it was a "security hole"? It permits the remote execution of arbitrary code, so surely it must be a security hole?
There is no OS, and there can be no sufficiently functional OS, that is invulnerable to that "security hole". If you show me such an OS, I'll show you an OS which is unable to run simple CGI scripts, and thus not sufficiently functional.
YAW.
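The post above uses print `$FORM{'REQUESTED_COMMAND'}`; as its example and says a C/C++ routine would be equivalent. The C below is an added example, not code from the page: the same hole in C (system() on the raw parameter) next to the fix (exact-match allowlist, then execvp() with an argv array so no shell parses the string), plus a small form decoder so the check runs on the %XX-decoded value the shell would have seen. The allowlist contents and the query string are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Minimal application/x-www-form-urlencoded lookup: finds key, writes the
 * %XX- and +-decoded value to out. Returns 1 if the key was present. */
int get_form_value(const char *query, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = query;
    while (p && *p) {
        const char *eq = strchr(p, '=');
        const char *amp = strchr(p, '&');
        const char *end = amp ? amp : p + strlen(p);
        if (eq && eq < end && (size_t)(eq - p) == klen && memcmp(p, key, klen) == 0) {
            size_t o = 0;
            for (const char *v = eq + 1; v < end && o + 1 < outlen; v++) {
                if (*v == '+') {
                    out[o++] = ' ';
                } else if (*v == '%' && v + 2 < end && hexval(v[1]) >= 0 && hexval(v[2]) >= 0) {
                    out[o++] = (char)(hexval(v[1]) * 16 + hexval(v[2]));
                    v += 2;
                } else {
                    out[o++] = *v;
                }
            }
            out[o] = '\0';
            return 1;
        }
        p = amp ? amp + 1 : NULL;
    }
    return 0;
}

/* The C equivalent of print `$FORM{'REQUESTED_COMMAND'}`;: whatever the client
 * sent is handed to /bin/sh, metacharacters and all. Kept only as the
 * "before"; never call it on untrusted input. */
int run_unsafe(const char *requested)
{
    return system(requested);
}

/* Hardened version: exact-match allowlist (constructed for this example),
 * then execvp() with an argv array, so no shell ever parses the string. */
static const char *const allowed[] = { "date", "uptime", "hostname" };

int is_allowed_command(const char *requested)
{
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(requested, allowed[i]) == 0) return 1;
    return 0;
}

/* Returns -1 if not on the allowlist (nothing is forked), -2 on fork/wait
 * failure, else 0 with the child's wait status in *status. */
int run_allowed(const char *requested, int *status)
{
    if (!is_allowed_command(requested)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        char *const argv[] = { (char *)requested, NULL };
        execvp(requested, argv);   /* PATH lookup, but no shell involved */
        _exit(127);
    }
    if (waitpid(pid, status, 0) < 0) return -2;
    return 0;
}

int main(void)
{
    /* Constructed request; a real CGI would read getenv("QUERY_STRING"). */
    const char *query = "x=1&REQUESTED_COMMAND=date%3B+id";
    char requested[256];
    int status = 0;
    if (!get_form_value(query, "REQUESTED_COMMAND", requested, sizeof requested))
        return 1;
    printf("decoded parameter: \"%s\"\n", requested);
    /* run_unsafe(requested) would hand "date; id" to /bin/sh and both would run. */
    int rc = run_allowed(requested, &status);
    printf("run_allowed(\"%s\"): rc=%d (-1 means rejected by the allowlist)\n", requested, rc);
    rc = run_allowed("date", &status);
    if (rc == 0 && WIFEXITED(status))
        printf("date exited with %d\n", WEXITSTATUS(status));
    return 0;
}
```

The check happens after decoding because the shell never sees the raw query string; "date%3B+id" is harmless until something turns it into "date; id". The allowlist is exact-match on purpose: a blocklist of ";", "|" and backticks misses $(...), newlines and whatever the next shell feature is, whereas three fixed names miss nothing.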
What happens when you do
... ...
$ man iso
?
I happily get:
305 197 C5 A LATIN CAPITAL LETTER A WITH RING ABOVE
and my man is using less as the pager, which I'd have thought was pretty common. (I'm FreeBSD and debian, maybe RedHat differs?)
Are you sure it's not your terminal that's the problem?
What do
$ perl -e 'print chr(197)'
and
$ perl -e 'print chr(197)' | more
do?
YAW
They'll have a problem with (6)'s dichotomy
6a) (Japan) The init process is a god.
6b) (China) There is no init process. All processes are equals, so long as they are prepared to be killed to protect the init process.
YAW.
Stubbs Alderton & Markiles, LLP
15821 Ventura Boulevard, Suite 525
Encino, California 91436
office > 818.444.4500
fax > 818.444.4520
email > info@biztechlaw.com
All from:
http://www.biztechlaw.com/html/contact.htm
Have a peek at their site - it told me they were complete wankers within a fraction of a second. I use a text-mode browser by default.
YAW
Bollocks.
They've done the best thing possible.
They've conformed to the letter of the law, but are still providing _exactly_ the same information as before, via the medium of linking to another site which carries the same URLs, albeit not as hrefs.
The auto-href-ize function will become more and more popular in next-generation browsers, I'm sure, which will completely emasculate the likes of Sharman.
YAW.
Some browsers do that automatically, anyway.
YAW.