Not logged in
Log in now
Create an account
Subscribe to LWN
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Little things that matter in language design
... and if it took you twenty minutes, your average script kiddie would
take weeks, if ever. (Of course, buying a copy from a blackhat with
similar skills would probably be faster.)
Stable kernel 220.127.116.11
Posted Jul 7, 2008 7:49 UTC (Mon) by PaXTeam (subscriber, #24616)
the 20 mins was the runtime of the exploit, not its development time.
Posted Jul 7, 2008 19:43 UTC (Mon) by nix (subscriber, #2304)
I thought 20 minutes seemed awfully fast to write an exploit from scratch,
but I'm not very good at that sort of thing so I thought maybe skilled
people are faster.
(Still, if a random blackhat tries to eat that amount of CPU time on any
of my security-important systems all sorts of alarms would go off. But
maybe that's more paranoia than most people show, and I suppose if the
attacker knew about those monitoring systems he could distribute the
computational work among numerous processes and a long stretch of time.
Still, again, if an attacker knows that much, I'm dead anyway. Maybe this
is significant to unmonitored systems with untrusted local users, and I
suppose it makes it easier to escalate to root once you've got in via some
vulnerable network service, but if the attacker's managed that, again,
you're dead anyway: and most attackers these days don't *care* about
escalation to root: all they care about is being able to spam like crazy,
and being able to spy on the user, and an attack via, say, a browser
vulnerability will give them all of that.)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds