LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 12-23-2003, 02:53 AM   #1
infamous41md
Member
 
Registered: Mar 2003
Posts: 804

Rep: Reputation: 30
suggestion


maybe you guys should take away the forum description that mentions "exploits", since obviously you dont want anyting regarding them posted. it kinda gives the wrong impression when it clearly says
"This forum is for all security related questions.
Questions, tips, exploits, firewalls, etc. are all included here."
 
Old 12-23-2003, 05:52 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602
Since we do not want to help people with coding their own or fixing others, we probably should. Thanks for noting it.
 
Old 12-23-2003, 07:29 AM   #3
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Given that most of the input here is about exploits is about "how to avoid" or "how to fix" exploits, I don't think that there is a problem mentioning them. Besides, almost anyone who asks "how to take advantage of" or "how to create" one get quickly reminded otherwise. There's nothing wrong with the word "exploit". It's all in how the community offers input. That's like saying that you don't want to mention virii because somebody might be attempting to write one. I would hope that it would be obvious that people who ask those types of questions would realize that this is not the place to go.

Last edited by stickman; 12-23-2003 at 07:32 AM.
 
Old 12-23-2003, 08:41 AM   #4
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 10,170

Rep: Reputation: 2591Reputation: 2591Reputation: 2591Reputation: 2591Reputation: 2591Reputation: 2591Reputation: 2591Reputation: 2591Reputation: 2591Reputation: 2591Reputation: 2591
infamous41md,

Thanks for the suggestion. Removing exploits is probably more inline with what we'd like discussed here. On unSpawn's suggestion I have updated it to "system compromises".

--jeremy
 
Old 12-23-2003, 02:40 PM   #5
infamous41md
Member
 
Registered: Mar 2003
Posts: 804

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by stickman
Given that most of the input here is about exploits is about "how to avoid" or "how to fix" exploits, I don't think that there is a problem mentioning them. Besides, almost anyone who asks "how to take advantage of" or "how to create" one get quickly reminded otherwise. There's nothing wrong with the word "exploit". It's all in how the community offers input. That's like saying that you don't want to mention virii because somebody might be attempting to write one. I would hope that it would be obvious that people who ask those types of questions would realize that this is not the place to go.
well, no. im a programmer, and i write exploits, and a few weeks ago i was trying to figure out where the bof was in the recent sendmail vulnerability(which nobody seems to have found yet). anyhow, i came and posted in here merely asking if anyone else had been workin on it, and asked them to IM me if they wanted to work on it with me. my post was deleted and i was warned. so i thought it would make sense to be clearer about the rules.

unspawn, jeremy << thanks
 
Old 12-23-2003, 05:21 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602
asked them to IM me if they wanted to work on it with me. my post was deleted and i was warned.
No, your post was closed, big difference. We had a short email conversation about this and I redirected you to the "proper" channels for this, SF, full disclosure and bugtraq mailinglist, like that. LQ just ain't the place for FD and help *with* exploits.


so i thought it would make sense to be clearer about the rules.
Yes, you're right and I appreciate you offered the suggestion.


BTW, did you get your BO going with mailinglist help or?
 
Old 12-23-2003, 07:13 PM   #7
infamous41md
Member
 
Registered: Mar 2003
Posts: 804

Original Poster
Rep: Reputation: 30
no apparently nobody can find(or wants to share yet) where it even is. i mean, i was kinda pissed b/c usually its not that hard once you've read the advisory. they even tell you what function it's in, but i cant' figure it out for the life of me. i spent an entire day analyzing that function and couldnt find squat.
http://www.securityfocus.com/bid/8641/info/ there is the advisory.


edit: i see that a patch was released(new version) so maybe i'll give it a shot again; should be easier now having that.

Last edited by infamous41md; 12-23-2003 at 07:18 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Anyone gives me some suggestion Black Raptor Debian 6 06-20-2005 09:35 AM
Suggestion DaBlade LQ Suggestions & Feedback 9 03-21-2005 02:28 AM
Just a suggestion coolfrog LQ Suggestions & Feedback 2 09-21-2004 02:08 PM
Suggestion markelo LQ Suggestions & Feedback 6 07-29-2004 02:25 AM
a suggestion :) nautilus_1987 LQ Suggestions & Feedback 3 09-22-2002 04:53 AM


All times are GMT -5. The time now is 05:16 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration