On Mon, Feb 11, 2008 at 06:00:14PM -0500, Ross S. W. Walker wrote: > > > I wonder if any existing user-land utilities have hooks into > > > vmsplice that may be able to be accessed via PHP, Perl, or CGI? > > It's a system call. > Yes, but conceivable an application can make use of such a system > call since it is exploitable from user land and hence the concern. Well, the point is there's nothing wrong with the system call *inherently*. There's just a flaw in its implementation which a carefully-crafted program can exploit. A program which just happens to use the system call as it is intended to be used isn't any more dangerous than any other code. -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: local root exploit
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: local root exploit
- From: Matthew Miller <mattdm@xxxxxxxxxx>
- Date: Mon, 11 Feb 2008 20:20:11 -0500
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <E2BB8074E5500C42984D980D4BD78EF901FAFEEF@xxxxxxxxxxxxxxxxxxxxx>
- References: <20080211221406.GA22273@xxxxxxxxxxxxx> <E2BB8074E5500C42984D980D4BD78EF901FAFEEF@xxxxxxxxxxxxxxxxxxxxx>
- User-agent: Mutt/1.5.14 (2007-02-12)
- Follow-Ups:
- RE: local root exploit
- From: Ross S. W. Walker
- RE: local root exploit
- References:
- Re: local root exploit
- From: Matthew Miller
- RE: local root exploit
- From: Ross S. W. Walker
- Re: local root exploit
- Prev by Date: Re: IPtables Possibility
- Next by Date: Re: local root exploit
- Previous by thread: RE: local root exploit
- Next by thread: RE: local root exploit
- Index(es):
 |