solidot新版网站常见问题,请点击这里查看。
消息
本文已被查看147次
[$] Attacking the kernel via its command line
来源于:LWN
The kernel's command line allows the specification of many operating
parameters at boot time. A silly bug in command-line parsing was reported
by Ilya Matveychikov on May 22; it can be exploited to force a stack
buffer overflow with a controlled payload that can overwrite memory. The
bug itself stems from a bounds-checking error that, while simple, has still
been in the Linux kernel source since version 2.6.20. The subsequent
disclosure post by
Matveychikov in the oss-security list spawned a discussion on what
constitutes a vulnerability, and what is, instead, merely a bug. 查看全文>>