Can you find a hole?

This is a discussion on Can you find a hole? within the A Brief History of Cprogramming.com forums, part of the Community Boards category; my friend is taking a pretty high level class - mcs494 - it is a "special topic" class; this semester ...

  1. #1
    Registered User axon's Avatar
    Join Date
    Feb 2003
    Posts
    2,572

    Can you find a hole?

    my friend is taking a pretty high level class - mcs494 - it is a "special topic" class; this semester they are doing unix/linux security and such. 60% of their total grade consists of finding 10 security holes in current unix/linux distros that have not been found before. As soon as a person finds one, they post it on the course website, so if you find the same hole it will not count.

    What do you guys think about it?

    some entropy with that sink? entropysink.com

    there are two cardinal sins from which all others spring: Impatience and Laziness. - franz kafka

  2. #2
    Super Moderator
    Join Date
    Sep 2001
    Posts
    4,913
    Gotta be pretty tough to find ones that haven't been found before... It just doesn't sound right to me.

  3. #3
    Banned maes's Avatar
    Join Date
    Aug 2001
    Posts
    744
    th4tz t0ta1y h4x0r 6u6er, wayaauw

  4. #4
    Just one more wrong move. -KEN-'s Avatar
    Join Date
    Aug 2001
    Posts
    3,230
    Jesus does that ever sound hard.

    I think it might be a bit easier on them if they go to relatively unknown distros and poke around. Maybe look around in some lesser-known programs.

  5. #5
    Cii
    Cii is offline
    i get my own title?
    Join Date
    Jun 2004
    Posts
    35
    do they get to look in any distro they want? how about programs that introduce holes in the system, or is it strictly the kernel?
    either way, that's a hard project. but since it's a special class, they probably know the good students can handle it.

  6. #6
    Registered User axon's Avatar
    Join Date
    Feb 2003
    Posts
    2,572
    its not a "special" class - it is just a class with "special topics"...i.e. the topic changes from semester to semester.

    some entropy with that sink? entropysink.com

    there are two cardinal sins from which all others spring: Impatience and Laziness. - franz kafka

  7. #7
    In The Light
    Join Date
    Oct 2001
    Posts
    598
    Howdy,
    I'd like to see that web site.

    M.R.
    I don't like you very much. Please post a lot less.
    Cheez
    *and then*
    No, I know you were joking. My point still stands.

  8. #8
    Registered User axon's Avatar
    Join Date
    Feb 2003
    Posts
    2,572
    >> I'd like to see that web site.

    yeah, I would like to see it as well Howdy. Unfortunately most of our course websites are on a system called blackboard, which is not viewable to people outside of the course. I might, however, have some insight into this whole thing and will keep you guys posted

    some entropy with that sink? entropysink.com

    there are two cardinal sins from which all others spring: Impatience and Laziness. - franz kafka

  9. #9
    RoD
    RoD is offline
    Redundantly Redundant RoD's Avatar
    Join Date
    Sep 2002
    Location
    Missouri
    Posts
    6,331
    axon do your own homework :P

  10. #10
    Registered User axon's Avatar
    Join Date
    Feb 2003
    Posts
    2,572
    meh?

    some entropy with that sink? entropysink.com

    there are two cardinal sins from which all others spring: Impatience and Laziness. - franz kafka

  11. #11
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,139
    It sounds as if any security fault counts. In theory, there exist a lot of problems. That doesn't mean they are exploitable or practically "usable".

    Do a search for strcpy or strcat and you've got yourself a ton of potential errors waiting to happen.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  12. #12
    & the hat of GPL slaying Thantos's Avatar
    Join Date
    Sep 2001
    Posts
    5,681
    Anyone else see the title of this thread and thought it would be about something completly different?

  13. #13
    ¡Amo fútbol!
    Join Date
    Dec 2001
    Posts
    2,136
    Only you thantor (sorry, had to do it in memory of our dear ethic).

    As for blackboard, try using the username/password combo of guest/guest.

  14. #14
    RoD
    RoD is offline
    Redundantly Redundant RoD's Avatar
    Join Date
    Sep 2002
    Location
    Missouri
    Posts
    6,331
    or student/student

    thats almost as common as guest/guest for schools.

  15. #15
    5|-|1+|-|34|) ober's Avatar
    Join Date
    Aug 2001
    Posts
    4,429
    That's an interesting assignment indeed. Is it 10 per person, or 10 total for the class?

Page 1 of 2 12 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Problem building Quake source
    By Silvercord in forum Game Programming
    Replies: 16
    Last Post: 07-11-2010, 10:13 AM
  2. could not find -lwsock32.lib
    By thomas_joyee in forum C++ Programming
    Replies: 8
    Last Post: 07-14-2008, 01:28 PM
  3. How to find O of threads ?
    By jabka in forum C Programming
    Replies: 3
    Last Post: 03-11-2008, 01:25 PM
  4. how do u find 2nd largest number??
    By juancardenas in forum C Programming
    Replies: 8
    Last Post: 02-14-2003, 08:28 AM
  5. Q: Recursion to find all paths of a maze
    By reti in forum C Programming
    Replies: 7
    Last Post: 11-26-2002, 09:28 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21