Pantek Library

Re: Security Advisory - Recent compromise of freefall.freebsd.org

From: Phillip Musumeci <phillip(at)pm.cse.rmit.edu.au>
Date: Tue Feb 18 1997 - 09:19:23 EST


>>>>> "Warner" == Warner Losh <imp@village.org> writes:

    Warner> I've not seen any of these compiler extensions recently. I
    Warner> wonder what happened to them.

Someone else here mentioned gcc_with_bounds checking --- that might catch simple things like string variables that overflow.

The reason that my memory tweaked on run-time memory access checking was due to a hint in a recent announcement that use might have been made of a shell environment string overflow to break into a system. If some memory allocation tool had detected this kind of event, maybe something could have been done.

    Warner> ......... will do nothing for the race conditions, the bad
    Warner> uses of mktemp, et al, the sloppy use of seteuid(), badly
    Warner> written setuid programs, etc.

Yes, you need intelligence for these.
phillip

Received on Tue Feb 18 06:19:36 1997
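
An added example, not part of the original message or of any FreeBSD code: the two classes of bug the thread contrasts, in defensive form. The function names, DEMO_VAR and the /tmp template are assumptions made for illustration. The first function is the explicit length check that bounds-checking tools would otherwise have to enforce at run time for an environment string; the second addresses the temporary-file race that no bounds checker can see.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy environment variable `name` into dst (dstsz bytes).
 * Returns 0 on success, -1 if unset, -2 if the value would not fit.
 * The unchecked form, strcpy(dst, getenv(name)), is the overflow a
 * bounds-checking compiler or allocator could trap at run time. */
int copy_env_checked(const char *name, char *dst, size_t dstsz)
{
    const char *val = getenv(name);
    if (val == NULL)
        return -1;
    size_t len = strlen(val);
    if (len >= dstsz)            /* no room for value plus NUL: refuse */
        return -2;
    memcpy(dst, val, len + 1);
    return 0;
}

/* Create a private temporary file; `tmpl` must end in "XXXXXX" and is
 * rewritten with the chosen name. mkstemp() names and creates the file
 * in one exclusive step, so there is no window between choosing a name
 * and opening it as with mktemp() followed by open(). Returns fd or -1. */
int open_private_temp(char *tmpl)
{
    mode_t old = umask(077);     /* owner-only, whatever the libc default */
    int fd = mkstemp(tmpl);
    umask(old);
    return fd;
}

int main(void)
{
    char buf[16];
    char path[] = "/tmp/demo.XXXXXX";   /* constructed sample template */
    setenv("DEMO_VAR", "a-constructed-value-longer-than-16-bytes", 1);
    printf("long value  -> %d\n", copy_env_checked("DEMO_VAR", buf, sizeof buf));
    setenv("DEMO_VAR", "short", 1);
    printf("short value -> %d\n", copy_env_checked("DEMO_VAR", buf, sizeof buf));
    int fd = open_private_temp(path);
    if (fd >= 0) { printf("temp file %s\n", path); close(fd); unlink(path); }
    return 0;
}
```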

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:41:02 EDT

