PDA

View Full Version : security holes in *nix



axon
12-15-2004, 09:09 PM
earlier this year I told you about a class many of my friends were taking in which 60% of the grade was to find an x number of holes in a nix system...they even made it to slashdot :) http://it.slashdot.org/article.pl?sid=04/12/15/2113202&tid=172&tid=146&tid=128&tid=130&tid=1&tid=106

and for those who don't know, Bernstein is the guy who won a lawsuit aganist the US government some years back for an incryption algo.

axon
12-15-2004, 09:31 PM
here is a quiz that the professor gave out in the beginning of the semester: http://cr.yp.to/2004-494/0830-quiz.pdf the student had 50minutes for it - prof recommended that students who had less than 10 right should drop the course - many did.

LuckY
12-15-2004, 11:01 PM
Very interesting reading. Why don't you showboat a little and tell us which discoveries were yours? (There is a question mark there, but I assure you that was a rhetorical question). Thanks for the intriguing info.

anonytmouse
12-15-2004, 11:03 PM
I think anyone in a fourth year CS course who can't get ten of them right in 10 minutes is in serious trouble. Most of the vulnerabilities (http://tigger.uic.edu/~jlongs2/holes/) are caused by buffer overruns, including scanf("%s", ...) (http://tigger.uic.edu/~jlongs2/holes/jpegtoavi.txt).

axon
12-16-2004, 01:30 AM
>>Very interesting reading. Why don't you showboat a little and tell us which discoveries were yours?<<

non, I wasn't in this class. But I felt like I was, as everyone in it would not shut up about finding holes.

Sang-drax
12-16-2004, 06:23 AM
How many did pass the class?