Mailinglist Archive: opensuse (3031 mails)

[Kai Ponte <kai@xxxxxxxxxxxxxxxx>]

On Thursday 07 February 2008 04:48:00 pm Wolfgang Woehl wrote:
> Freitag, 8. Februar 2008 Randall R Schulz:
> > That is manifestly false. It takes an explicit vulnerability for
> > this to happen. The classic one is unchecked overflow of a buffer
>
> Any given nasty application would need 1 system call to remove your
> homedir. Call that "unfair" or "vulnerability", whatever.
>
> How you would run into such a nasty app is another story. But isn't
> saying that you couldn't a bit over-optimistic?

Okay:  I've read enough of this tit-for-tat.

Here's the fact: Any OS can be vulnerable to an attack. I've actually written 
a sample buffer overflow that gained me (or rather my code) root access from 
a non-privileged account right on my SUSE 9.3 system. (I got the code from 
the February 2005 issue of Linux Magazine.)

The difference between Linux and the legacy OS's like Wintendo is that the 
buffer overflow would have a very difficult time spreading in the wild. IIRC, 
there was a virus released for *nix in '97 or '98 but it quickly perished.


-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx