[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Impact of Netscape kernel hole




At 10:28 AM 6/14/97 -0400, Adam Shostack wrote:
>
>
>| >Tim's post (although refuted by Marc) raises some serious issues since I
>| >suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
>
>	Are FAT file lists stored as files?

not exactly.  you cannot just open and read. you must jump hoops; but does
the nscp hole allow execution of arbitrary code?  that would be much worse
....

>
>	On a Unix box, /. refers to the file containing directory
>entries, the list of files in the directory.  If there is an analogous
>file on a dos box, you can explore.  

so, no: not unless you can write your own foreign code and run it on the
victim pc.


(Does the bug work on Unix?  I've
>heard it only works if java or livescript are turned on, so it hasn't
>worried me enough to investigate.)
>
>Adam
>
>
>
>-- 
>"It is seldom that liberty of any kind is lost all at once."
>					               -Hume
>
>
>
>