From silvio Mon Sep 16 20:22:48 2002 Return-Path: Received: (from silvio@localhost) by big.net.au (8.11.0/8.11.0) id g8H3MjJ01800; Mon, 16 Sep 2002 20:22:45 -0700 Date: Mon, 16 Sep 2002 20:22:45 -0700 From: silvio@big.net.au To: nfernandes@real-secure.com Cc: full-disclosure@lists.netsys.com Subject: Re: [Full-Disclosure] Re: qmail exploits Message-ID: <20020916202245.A1781@hamsec.aurora.sfo.interquest.net> References: <20020916174107.C22979@manifestation.org> <000001c25de9$ee9b1820$3602a8c0@securitytimes.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <000001c25de9$ee9b1820$3602a8c0@securitytimes.com>; from nfernandes@securitytimes.com on Mon, Sep 16, 2002 at 09:31:20PM -0400 Status: RO Content-Length: 3701 Lines: 105 On Mon, Sep 16, 2002 at 09:31:20PM -0400, Nuno Fernandes wrote: > Definition of terrorist: > Characteristic of someone who employs terrorism (especially as a > political weapon); "terrorist activity" n : a radical who employs terror > as a political weapon so in other words.. "a terrorist is someone who does as a terrorist" ? thank you circular definitions 101. > As per PHC's reponse: > > "PHC and #phrack@efnet targets only the IT security > Industry", "PHC has no intention of harming anything else > but the IT security industry in the name of non-disclosure". > > To me this is a form of conducting terrorism from a political > standpoint. Lets try explain the definitions of civil disobediance and a political activist? this will be my meek attempt from my meager understanding.. policitical activism is primarily about establishing a dialogue for political reform. civil disobediance is a medium where a dialogue is established through typically illegal grounds, hence requiring that a dialogue _must_ be established in regards to disobediance. most people who chain themselves or trees etc (whatever they do these days), arent chaining themselves to trees to go to jail.. they are trying to communicate a message and establish dialogue on a topic. if the entire situation we've seen in the past months of full disclosure, phc, gobbles, el8 and so forth.. dialogue has been the primary focus. People have actually spoken and tried to communicate their message, with an attempt to make it two way conversation involving the parties involved. is that civil disobediance, or something else ? now terrorism definitions are so shady, but i suppose we need to look at its roots.. cyberterrorism is an interesting phenomema, since i'm presuming terrorism has more roots in the physical sense, than on a computer. yes.. this predates 9/11 and even the internet! to use a term like cyberterrorism yet at the same time be in such a legal blackhole for associating any word with terrorism, as enough "reason" to abolish constituational rights and the justice system as we know it, is rather dangerous i think, dont you? OK.. maybe something a little more technical now. i'll see if i can remember this correctly as its been over a year since I had to deal with this particular problem --> any linker people can tell me what should be the correct behaviour in the following situations? - i really do not know the "correct" behaviour in most of these cases, since its slightly ambiguous to say the least --> personally.. i avoid it all, and try to give out decent namespaces ;-) (i think this diagram may be wrong.. it has been a very long time since this came up). shared libraries A, B, C executable E E links A E dlopens B B links C A and C share some of the same namespace for symbols. the result for glibc a while ago was that B would end up using the symbols from A. so.. what happens if A is an open source library that we are required to use for the symbols which clash. and C happens to be a closed source propriety binaries only which we are also required to use, for the symbols that dont clash. binary patching is fun :) the use of local symbols helps out here.. this one is a classic problem that is seen alot --> shared libraries A, B executable E symbol M E links A using symbol M E dlopens B using 'internal' symbol M B however will use the symbol from A, ie, the "wrong" one. consider you have a few hundred shared libraries that your working with.. you have a dozen or so main libraries also.. yah.. namespace gets important :) oh.. yah. i've never really seen any warnings for any of this by the runtime linker in linux etc :) -- Silvio