|
Demon
A Drug AgainstWar

Registered: 06/18/00
Posts: 457
Loc: j00/2 m07h3/2
Last seen: 20 years, 2 months
|
The Hacker Dilemma
#659903 - 06/03/02 03:19 AM (21 years, 11 months ago) |
|
|
Recently, I found a security hole in my Mandrake Linux computer. I told one of my friends, who has Red Hat Linux on one of his computers, and he also had the same hole. The question is, should I tell people about it, and help the UNIX world, or should I keep it a secret and use it only on people who deserve to have it used against them? This is what I call the "hacker dilemma": do you tell people about security holes, or keep them a secret? Personally I don't normally use my computer knowledge to do anything "Wrong", unless the victim deserves it, like for example, if they have tried to break in my computer, or the computers of other people and internet-based companies that are private. For this post, when I say "hacker", I mean a person with great computer-related skill, and not necessarily someone who tries to break into others' computers.
-------------------- "Sex is like a gun.. you aim, you shoot, you run" - Aerosmith Come visit SacredShrooms.org!
|
Barbi
Plastic Person

Registered: 04/22/02
Posts: 12,976
Last seen: 19 years, 6 months
|
Re: The Hacker Dilemma [Re: Demon]
#659912 - 06/03/02 03:28 AM (21 years, 11 months ago) |
|
|
Edited by mndfreeze
|
Demon
A Drug AgainstWar

Registered: 06/18/00
Posts: 457
Loc: j00/2 m07h3/2
Last seen: 20 years, 2 months
|
Re: The Hacker Dilemma [Re: Barbi]
#659949 - 06/03/02 04:05 AM (21 years, 11 months ago) |
|
|
The problem is that gcc is on my system, letting any user output their compiled program to any directory they wish, even ones that they don't have permission to write. For example, I could create an account and log in, and then use gcc to compile code to the output point /root/.
|
Planet PHL
non conformist


Registered: 04/12/99
Posts: 541
Last seen: 2 years, 28 days
|
Re: The Hacker Dilemma [Re: Demon]
#660733 - 06/03/02 01:29 PM (21 years, 11 months ago) |
|
|
You're a hacker now? Not really the impression I got after talking to you about computers, heh. Anyway, are you able to overwrite other files you don't have access to? If not, it's not much of a security breach. You executing it won't do anything your account doesn't have rights to, and it's unlikely an admin would execute it for you. Such 'breaches' are nothing new though, I wouldn't run to the security community with too much attitude about this. It mostly means the default setups for redhat/mandrake aren't very secure, which is nothing new to anyone familiar with linux.
Peace, phloid
|
Demon
A Drug AgainstWar

Registered: 06/18/00
Posts: 457
Loc: j00/2 m07h3/2
Last seen: 20 years, 2 months
|
Re: The Hacker Dilemma [Re: Planet PHL]
#663632 - 06/05/02 04:47 AM (21 years, 11 months ago) |
|
|
Heh, you'd be surprised PHL. It's like that saying, I can't remember what it is exactly, but it's something about how it's better to not give away your smarts. Nah, I'm not that skilled but I do like computer security a lot. That's why I'm learning to be a UNIX system admin.
|
Macey Howard
Formally MOE HOWARD


Registered: 07/02/99
Posts: 14,165
Loc: Georgia
Last seen: 7 years, 8 months
|
Post deleted by Moe Howard [Re: Barbi]
#665255 - 06/06/02 03:43 AM (21 years, 11 months ago) |
|
|
-------------------- Hugs and Kisses!
|
Demon
A Drug AgainstWar

Registered: 06/18/00
Posts: 457
Loc: j00/2 m07h3/2
Last seen: 20 years, 2 months
|
Re: The Hacker Dilemma [Re: Macey Howard]
#665282 - 06/06/02 04:00 AM (21 years, 11 months ago) |
|
|
I don't have a job. I'm a loser.
|
tak_old
Endo Smoke

Registered: 05/31/02
Posts: 609
Loc: State of confusion
|
Re: The Hacker Dilemma [Re: Demon]
#714670 - 06/30/02 10:46 PM (21 years, 10 months ago) |
|
|
This sounds like anti.sec. I think Disclosure/Anti Disclosure is better wording than "The hacker dilemma" :P And a mandrake/redhat exploit from someone who is 'learning to be a sysadmin' is probably already found. Not to mention that it's more than likely not anything that needs code. gcc file.c -o /root/file ?? :P Try testing it when you AREN'T root ;]
|
|