> From: Doug Hughes [mailto:d...@will.to] > > The dhcp issue is potentially exploitable, but much more difficult and less > risky in practice
If the dhcp client behaves as Paul suggested it might - which is to say, stupidly accepting unsanitized ENV variables from a DHCP server, then it would be trivially easy to attack all sorts of laptops in the wild, which would be a big problem, by simply turning on a rogue dhcp server wherever you want to attack other users on the LAN. But I am biased to disbelieve any dhcp client is that stupid, unless I hear otherwise. _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
