Date: Tue, 21 Jul 1998 23:10:27 +0000
From: Niall Smart <rotel@indigo.ie>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>, Brett Glass <brett@lariat.org>
Cc: dg@root.com, Warner Losh <imp@village.org>, Archie Cobbs <archie@whistle.com>, security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Message-ID: <199807212210.XAA02709@indigo.ie>
In-Reply-To: <8496.900909928@time.cdrom.com>; "Jordan K. Hubbard" <jkh@time.cdrom.com>

On Jul 19, 9:45pm, "Jordan K. Hubbard" wrote:
>
> Seriously, that code had so many potential exploits and stack
> overflows that I seriously doubt all the stack protection in the world
> would have saved you. It didn't need a band-aid, it needed a thorough
> audit which now, after all the horses have escaped the barn, seems to
> finally be happening.

Auditing isn't the answer to programs which have been maldesigned
and malimplemented right from the very beginning, rm is. Sometimes
programs reach a point of no return, at which the only sensible thing
to do is start again with the benefit of experience. Sendmail and
QMail are good examples of the former and latter.

Niall

--
Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk
FreeBSD: Turning PC's into Workstations: www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message