There was no reference to %fs or %gs as registers. I think you missed the boat.
Only set_fs macro.
737 posts • joined 17 Nov 2012
One time I've seen this was where the company just used a "random" number in the query used to establish a session.
We demonstrated the failure several times - even to the point of being able to take over a managers web session and able to authorize whatever overtime we desired.
The number is essentially public information in a returned URL, thus allowing the client to replace the number with one of our own choosing.
Did they fix it by using an encrypted cookie value?
No - they just expanded the range of valid numbers... Made it harder to guess, but did not fix the problem.
Part of the problem with hackers is that they would tend to dissasemble Windows binaries to find out how they work in the first place.
That causes problems with the need for a "clean room" reimplementation to avoid the "copyright infringement" claims that would block its use, and pretty much kill the project.
Linux will never be relicenced as the GPL does meet the desires of the majority of the developers.
In addition, a number of the developers have died - and you will not get their permission either.
That GPLv2 license prevents companies from misappropriation of the code. Which has happened with BSD and MIT licenses.
The end result is that you don't like Perens opinion.
So somebody sued him for expressing his opinion. The only result of that is a loss.
It also makes one think that opinion may in fact be true. Now GRSecurity may actually have a problem...
Bruce Perens doesn't have grounds for suing directly - unless he has some code in the kernel that he believes is being misappropriated.
I don't believe he does, it is just his opinion, and he can always give his opinion - Free speech and all.
Biting the hand that feeds IT © 1998–2021