Wolf Giesen

« Rantings & the state of Gentoo »

setuid() time bombs

Permalink 07/27/06 16:55 , Categories: Gentoo

When the setuid() bug hit vixie-cron I was sure we were going to have a lot more of those exploits in the near future. It seems I was too pessimistic, though; there were only one or two discovered since then, although I think auditors will keep an eye on that from now on. Anyway, I'd like to recommend some (IMHO) good reading:

http://www.csl.sri.com/users/ddean/papers/usenix02.pdf

Update: Next in line is mit-krb5 ... more to come, I guess :(

Leave a comment »

No feedback yet

Leave a comment


Your email address will not be revealed on this site.

Your URL will be displayed.
(Line breaks become <br />)
(Name, email & website)
(Allow users to contact you through a message form (your email will not be revealed.)
November 2009
Sun Mon Tue Wed Thu Fri Sat
 << <   > >>
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          

Wolf Giesen

Search

Categories

XML Feeds

What is RSS?
blog software

©2009 by Daniel Drake

Contact | Blog template by Asevo | Credits: blog tool | dedicated server | evoTeam