[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Edlug Archive Mar 2004 ]

Re: [edlug] Big blue v Big poo



On Mon, Mar 29, 2004 at 12:39:38PM +0100, Justin B Rye wrote:

> If there's a theoretical way for gnutetris.deb to give local users
> access to the group "games", that gets added to the Debian graph as
> soon as Steve Kemp spots it; if mstetris.exe does the same that
> doesn't even register as an exploit.  And only mstetris.exe goes on
> the graph - any flaws in gnutetris.exe are Linus's fault.

  This is half the problem when comparing security between Linux and
 Windows.

  What is Linux?  It's a kernel.  What is Windows? Well is the base
 system, plus IIS etc.

  Flaws in Outlook are often attributed to Windows when really they
 are flaws in an application, namely Office.

  There have been very very few system holes discovered for either
 Linux or Windows.

  For Linux we have had recently the do_brk() flaw, the ptrace() hole,
 something reported today involving systrace() and some older flaws.

  For windows we've had the class of attacks regarding message handling
 highlighted by the "MSShatter" paper, a couple of issues with the
 messaging service and another general flaw with the handling of
 named pipes.

  (I guess we could include the IIS holes involving Unicode, or
 Nimbda - but to be fair we'd then have to include Apaches
 Chunked-Handling hole.)

  Generally speaking both systems have, in practice, had near identical
 security.  It's the applications on both sides which have had exploits.
 
  I guess with my work finding holes in games has been almost too 
 easy, literally just picking the low hanging fruit.  I've been
 avoiding reporting some things recently just due to the sheer
 repetitiveness of them.  (Although I do have some great titles
 queued up which I'm quite proud of "Abusing abuse" for instance ;)

  At the moment I've been looking at different classes of attacks
 rather than different applications.  Integer overflows I find
 fascinating and they're fun to spot!

Steve
--
# Debian Security Audit Project
http://www.shellcode.org/Audit/
-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html



This archive is kept by wibble@morpheux.org.DONTSPAMME
homepage