[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [MiNT] XaAES / GEM memory issues
On Fri, 12 Jan 2001 Jo-Even.Skarstein@vital.no wrote:
> > -----Original Message-----
> > From: Konrad M. Kokoszkiewicz [SMTP:draco@obta.uw.edu.pl]
> > Sent: Friday, January 12, 2001 3:32 PM
> > To: MiNT mailing list
> > Subject: RE: [MiNT] XaAES / GEM memory issues
> >
> > For example, because if the AES is allowed to obtain these privileges,
> > then in fact anyone (any process) can obtain the same and crash the system
> > (this is called an exploit). There is no reliable way to verify whether
> >
> This is just paranoid IMHO... When somebody starts to write exploits for
> MiNT I might change my view, but considering that it has been years (7-8
> atleast) since the last virus hit the Atari I don't consider exploits to be
> a real-world problem.
Well, Consider this. I have my TT on the network all the time (currently
it seems to be crashed most of the time, but...). I would like to give
people telnet accounts without worrying that someone could easily sniff a
password and then run an exploit. One way around this is to run ssh, and
granted, you shouldn't have users on the system you can't trust, but it
would also be nice to know that it isn't trivial to defeat the system
security. I think there could be a way to keep it so that only the AES
can have these privlidges though. Perhaps having the AES occupy a certain
process ID like it does in MagiC would be usefull.
>
> > the process which is just requesting F_OS_SPECIAL, is the "right" one, and
> > not, for example, a demo which just changed its name to "AESSYS" a while
> >
> Only one process should be allowed to have F_OS_SPECIAL. If somebody wants
> to protect themselves from exploits and don't want to use a current AES,
> supply a small program (with source ofcourse) that grabs this but otherwise
> doesn't do anything. Or simply disable it in mint.cnf...
I agree with this.
>
> Ofcourse, when we have an AES that doesn't need this, and this AES is
> atleast as capable as it's competitors, F_OS_SPECIAL should be removed.
that capable part seems a ways off unfortunatly ;<
>
> Jo Even Skarstein
>
> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>
> This email with attachments is solely for the use of the individual or
> entity to whom it is addressed. Please also be aware that
> Vital Insurance/DnB Group cannot accept any payment orders or other
> legally binding correspondance with customers as a part of an email.
>
> This email message has been virus checked by the virus programs used
> in the Vital Insurance/DnB Group.
>
> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>
>