Re: Sysmask security challenge: useful or not?

From: Barton L. Phillips (bartonphillips_at_sbcglobal.net)
Date: 04/22/05


Date: Fri, 22 Apr 2005 21:26:07 GMT

azuredu wrote:
> It is true that tests using ls and cat don't prove anything and are
> useless. However, I don't think you are ready to accept my following
> claim, at least without first testing with ls and cat. It is true that
> I should have put some more warnings somewhere, but nowadays who is
> reading the help pages before typing into the textarea?
>
> I claim that the challenge can be broken only in one of the following
> two cases.
>
> 1. A stupid bug in the sysmask package. I found one in the first day of
> the challenge, which however did not let people get the unreadable
> file; no more have popped up thereafter.
>
> By the way, the bug is not yet fixed in the public site, but will be
> within a few days.
>
> 2. A nasty bug in the kernel, leading to a privilege elevation. Way
> more nasty than the recent ones behind sys_uselib() and sys_futex().
> What is the probability of such a bug?
>
> So, the sysmask bug put aside, the challenge is hopeless if you don't have a
> privilege elevation which you know how to exploit. All this is well
> explained in the documentation; but who is ready to believe such a
> claim without having first tried some ls and cat? And even having tried?
>
> It is true that many utilities are missing in the environment. But the
> first motive is to save place, as everything should go into a cd.
> Anyway I'd better leave it this way, for otherwise people would have
> more useless things to play with and would waste more time.
>
It seems to me the "challenge" would be more interesting if I could
telnet into the system. Doing everything via a web form is not very
informative or interesting. In fact, how do I know there is even a system
behind the form? I could do everything in a PHP script and say it is the
output of a secure system.


