
View Full Version : Can you find a hole?



axon
08-23-2004, 02:52 PM
My friend is taking a pretty high-level class - mcs494 - it is a "special topic" class; this semester they are doing Unix/Linux security and such. 60% of their total grade consists of finding 10 security holes in current Unix/Linux distros that have not been found before. As soon as a person finds one, they post it on the course website, so if you find the same hole it will not count.

What do you guys think about it?

sean
08-23-2004, 02:56 PM
Gotta be pretty tough to find ones that haven't been found before... It just doesn't sound right to me.

maes
08-23-2004, 03:21 PM
th4tz t0ta1y h4x0r 6u6er, wayaauw

-KEN-
08-23-2004, 04:34 PM
Jesus does that ever sound hard.

I think it might be a bit easier on them if they go to relatively unknown distros and poke around. Maybe look around in some lesser-known programs.

Cii
08-23-2004, 04:43 PM
Do they get to look in any distro they want? How about programs that introduce holes in the system, or is it strictly the kernel?
Either way, that's a hard project. But since it's a special class, they probably know the good students can handle it.

axon
08-23-2004, 05:41 PM
It's not a "special" class - it is just a class with "special topics"... i.e. the topic changes from semester to semester.

itld
08-23-2004, 06:10 PM
Howdy,
I'd like to see that web site.

M.R.

axon
08-23-2004, 06:20 PM
>> I'd like to see that web site.

Yeah, I would like to see it as well Howdy. Unfortunately most of our course websites are on a system called Blackboard, which is not viewable to people outside of the course. I might, however, have some insight into this whole thing and will keep you guys posted :)

RoD
08-23-2004, 08:15 PM
axon do your own homework :P

axon
08-23-2004, 08:23 PM
meh?

nvoigt
08-23-2004, 10:32 PM
It sounds as if any security fault counts. In theory, there exist a lot of problems. That doesn't mean they are exploitable or practically "usable".

Do a search for strcpy or strcat and you've got yourself a ton of potential errors waiting to happen.

Thantos
08-23-2004, 10:55 PM
Anyone else see the title of this thread and think it would be about something completely different?

golfinguy4
08-24-2004, 12:44 AM
Only you thantor (sorry, had to do it in memory of our dear ethic).

As for Blackboard, try using the username/password combo of guest/guest.

RoD
08-24-2004, 01:41 AM
Or student/student.

That's almost as common as guest/guest for schools.

ober
08-24-2004, 06:19 AM
That's an interesting assignment indeed. Is it 10 per person, or 10 total for the class?

axon
08-24-2004, 08:02 AM
>>That's an interesting assignment indeed. Is it 10 per person, or 10 total for the class?

ten per person; ~20 people in the class

Sang-drax
08-29-2004, 06:04 AM
Sounds like a challenging class...
At my university they have classes in image analysis; here's an example of a 'small' project:

"Write a program that takes a photo of a human face and transforms it into a 3D-model of a face, being able to look at the face from different angles. The program should ideally be implemented in a cellular phone."

jmgk
08-29-2004, 07:54 AM
axon,

Is this the first time such a class is given?

In any previous year (or semester), were there 200 (10*20) unknown holes found?

jmgk

axon
08-29-2004, 10:43 AM
>>In any previous year (or semester), were there 200 (10*20) unknown holes found?

I'm pretty sure this particular topic has never been done before - or at least not the same project.

whackaxe
08-29-2004, 02:14 PM
Are you allowed to use your own distro? :D

Vicious
08-29-2004, 02:48 PM
LOL, have someone create a distro with tons of holes in it... lol

And yes thantos... I did.. I did indeed...

Felix
08-29-2004, 02:57 PM
>> Anyone else see the title of this thread and think it would be about something completely different?
I did. I bet you thought something dirty when you saw it, sooo unlike me :rolleyes:

axon
08-29-2004, 02:59 PM
That's called a "catchy subject line" ;)

Felix
08-29-2004, 03:01 PM
>> That's called a "catchy subject line" ;)
It's called dirta :mad:

On a more serious note: I guess it'd be interesting, I also would like to see all the holes they saw... erm.