
The brk() vulnerability

Posted Dec 3, 2003 8:12 UTC (Wed) by dlang (subscriber, #313)
In reply to: The brk() vulnerability by stuart2048
Parent article: The brk() vulnerability

Remember that the Debian project boasts 1000 developers. I don't know how many had access to the initial machine, but it's not unreasonable to consider that at least half of them did.

If these people each accessed this machine from 2 different machines (home and work, for example), that means that there are 1000 different places that the initial login password could have been acquired from.

Remember that if you use ssh to connect to a machine, that machine is only as secure as the least secure of the machines that are allowed to connect to it. Chain this a few times, multiplied by a lot of people, and you should figure that a determined enough person _will_ be able to get user access to it.



Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.