Đang chuẩn bị liên kết để tải về tài liệu:
hack book hack proofing your network internet tradecraft phần 10

, thay vào đó, bằng cách tin tưởng rằng người sử dụng là các khách hàng rlogin từ xa cho biết người đó là. Cơ chế xác thực này chỉ làm việc giữa các hệ thống UNIX, và cực kỳ thiếu sót trong nhiều cách, do đó, nó không phải là sử dụng rộng rãi trên các mạng ngày nay. | 412 Chapter 15 Reporting Security Problems teaching well-meaning people how to find security problems you are also teaching the bad guys. But recall that some hackers already have access to such information and share it among themselves. The currently recommended approach is to try to contact the vendor before making the details of the problem publicly known. You must try to work with them to release a fix quickly at the same time you reveal the security problem to the public. In this way you obtain the benefits of full disclosure while at the same time releasing a fix in a timely manner. Yet even today you must be very careful that the vulnerability information does not fall into the wrong hands while you are working with the vendor to produce a fix. For example in July of 1999 a vulnerability in the rpc.cmsd service in Sun Solaris was discovered. One of the exploits found for this vulnerability seems to have been authored by a well-known computer security company. It seems that they were researching the problem and somehow the exploit leaked to the computer underground. More recently in June of 2000 a vulnerability in the capability subsystem of the Linux kernel was discovered that allowed local users to get root privileges. The vulnerability was first published by Peter van Dijk who believed it was used to break into somebody s systems. From Peter van Dijk 06 07 2000 I do not have complete info right now but here s the scoop Local users can gain root thru a _kernel_ bug in Linux 2.2.15 and some earlier versions. This is fixed in 2.2.16pre6. Linux 2.0.x is not vulnerable I do not know of any other vulnerable OSs. The bug is that is it somehow possible to exec sendmail without the CAP_SETUID priv which makes the setuid call that sendmail eventually does to drop privs fail. Big chunks of code that were never meant to run as root then do run as root which is of course easily exploitable then. This is just about all the info I have I do not have the exploit but I .