Great Circle Associates Firewalls
(November 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Getting Root on Sidewinder (fwd)
From: tom @ pserv1 . dot . state . az . us (Tom Brink)
Date: Fri, 11 Nov 94 21:46:43 MST
To: firewalls @ greatcircle . com (Firewalls)
Reply-to: tom @ pserv1 . dot . state . az . us

Earl Boebert writes:
> From: Earl Boebert <boebert @
 sctc .
 com>
> Subject: Getting Root on Sidewinder
> To: firewalls @
 greatcircle .
 com
> Date: Fri, 11 Nov 1994 16:04:11 -0600 (CST)
> 
> Mike O'Connor <mjo @
 dojo .
 mi .
 org> writes:
> 
> >Dear Firewall Fiends,
> 
> >I haven't heard anything from the Sidewinder folks in a couple days,
> >so I figure the list is as good a plce to post this as anywhere.  The
> >Challenge specs are available via anonymous FTP from ftp.sctc.com, if
> >you're wondering what some of the specifics below are referring to.
> 
> Sorry for the delay; I thought we had gotten back to you right away.
> 
> >I find it somewhat disheartening that they didn't keep track of the
> >BSDI patches or the bsdi-users mailing list for security issues,
> >particularly when they want to use BSDI as the basis for a mission
> >critical security system.  I'm still wondering why what they said
> >didn't appear to correspond with what was on the system when I probed.
> 
> Rather than try to reply in generalities, I think it would be best if
> you told the list what you did and how far it got you.  As we say in
> the description of the system, we don't regard unauthorized root
> access as that big a deal, because on Sidewinder it's really
> "rootlet:" root access limited to a specific domain.  It doesn't let
   ^^^^^^^
Sounds like double talk.  Since Mike was able to exploit a well known
hole, I would NOT like to bet that their aren't more.
-- 
Tom Brink tom @
 dot .
 state .
 az .
 us
Technical Support Specialist
Technical Research Center
Information Services Group
Arizona Department of Transportation

Indexed By Date Previous: Getting Root on Sidewinder (fwd)
From: "Mike O'Connor" <mjo @ dojo . mi . org>
Next: Re: Secure Programming Techniques
From: dhami @ mdd . comm . mot . com (Mandeep S Dhami)
Indexed By Thread Previous: Getting Root on Sidewinder (fwd)
From: "Mike O'Connor" <mjo @ dojo . mi . org>
Next: (Fwd) SUN's new firewall product?
From: David A Nicholson <davidn @ mentor . co . nz>

Google
 
Search Internet Search www.greatcircle.com