[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [MiNT] XaAES / GEM memory issues



> This is just paranoid IMHO... When somebody starts to write exploits for
> MiNT I might change my view, but considering that it has been years (7-8
> atleast) since the last virus hit the Atari I don't consider exploits to be
> a real-world problem.

Last year I wrote three ones spending 20 minutes on it (including
compiling). All of them gave root privileges for an ordinary user. I tried
them out on Swe's computer with full success, i.e. I was logged as guest
and was able to download everything from his computer, including his
thing.key file, because I had root shell. The most perfect one of these
exploits uses F_OS_SPECIAL flag, and even 1.16 isn't fully proofed against
it (eventhough the program would need an upgrade ;-))
 
> > the process which is just requesting F_OS_SPECIAL, is the "right" one, and
> > not, for example, a demo which just changed its name to "AESSYS" a while
> > 
> Only one process should be allowed to have F_OS_SPECIAL. If somebody wants

Why? Who said both AESSYS and its screen manager or its whatever would not
need that?

> Ofcourse, when we have an AES that doesn't need this, and this AES is
> atleast as capable as it's competitors, F_OS_SPECIAL should be removed.

This is what I mean all the time. The damn flag will not be removed
tomorrow. This is some future. Unavoidable tho.

--
Konrad M.Kokoszkiewicz
mail: draco@atari.org
http://draco.atari.org

** Ea natura multitudinis est,
** aut servit humiliter, aut superbe dominatur (Liv. XXIV,25)
*************************************************************
** Taka to juz natura pospolstwa, ze albo sluzy ono unizenie,
** albo bezczelnie sie panoszy.