Displaying 2 results from an estimated 2 matches for "uws4ue".
Did you mean:
usue
2017 Feb 09
0
Serious attack vector on pkcheck ignored by Red Hat
...ned memory pages. Your attack must therefore work within the pkcheck process, while that sprayed heap is still active.
>> 2. There?s no such thing as SUID libraries.
>
> I never argued there are.
I threw that idea out in an effort to follow the Principle of Charity. (https://goo.gl/uwS4UE) I wasn?t required to provide the idea in the first place; the burden of proof was on you, and remains there, even though you?ve rejected my attempt to provide you with such an idea.
>> So, how is this hypothetical library of yours going to gain
>> privileges that the executable linke...
2017 Feb 09
4
Serious attack vector on pkcheck ignored by Red Hat
Hello Warren,
On Thu, 2017-02-09 at 14:22 -0700, Warren Young wrote:
> There are two serious problems with this argument:
>
> 1. Give me a scenario where this attacker can execute *only* pkcheck
> in order to exploit this hypothetical library?s flaw, but where the
> attacker cannot simply provide their own binary to do the same
> exploit. Short of something insane like