Date:      Fri, 27 Jun 1997 16:19:35 -0700
From:      David Greenman <dg@root.com>
To:        Jason Wells <jcwells@u.washington.edu>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Jargon 
Message-ID:  <199706272319.QAA20615@implode.root.com>
In-Reply-To: Your message of "Fri, 27 Jun 1997 22:59:28 -0000." <3.0.2.32.19970627225928.007ed780@jcwells.deskmail.washington.edu> 

>While reading a freebsd document I came across this term which I have seen
>many times and never researched. The term is "arbitrary code" and here it
>is used in context.
>
>     Due to its nature, the lpr program is setuid root. Unfortunately,
>     the program does not do sufficient bounds checking on arguments which
>     are supplied by users.  As a result it is possible to overwrite the
>     internal stack space of the program while it's executing.  This can
>     allow an intruder to execute **arbitrary code** by crafting a carefully
>     designed argument to lpr.
>
>TNHD does not include this definition.

   It means that the user can execute computer instructions of his choosing,
and thus can make "lpr" do things it was never meant to do - perhaps use it
to break into the system.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project
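
The missing bounds check described in the quoted advisory, shown next to a checked version. This is an added example, not part of the original message and not lpr's actual source; the function names and the 32-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 32   /* hypothetical buffer size, not taken from lpr */

/* Pattern the advisory describes: a user-supplied argument is copied into
 * a fixed-size stack buffer with no length check. An argument longer than
 * the buffer overwrites adjacent stack memory, including the saved return
 * address, so the program can be steered into running instructions that
 * the user supplied: "arbitrary code". */
void set_job_name_unchecked(const char *arg)
{
    char name[NAME_MAX_LEN];
    strcpy(name, arg);               /* no bounds check */
    printf("job name: %s\n", name);
}

/* Bounds-checked form: measure first, refuse oversized input, and never
 * write more than the destination can hold. Returns 0 on success, -1 if
 * the argument is missing or does not fit; dst is untouched on failure. */
int set_job_name_checked(char *dst, size_t dstlen, const char *arg)
{
    size_t n;

    if (dst == NULL || dstlen == 0 || arg == NULL)
        return -1;
    n = strlen(arg);
    if (n >= dstlen)                 /* leave room for the terminating NUL */
        return -1;
    memcpy(dst, arg, n + 1);
    return 0;
}

int main(int argc, char **argv)
{
    char name[NAME_MAX_LEN];
    const char *arg = argc > 1 ? argv[1] : "report.txt"; /* constructed sample */

    if (set_job_name_checked(name, sizeof name, arg) != 0) {
        fprintf(stderr, "argument too long (max %d bytes)\n", NAME_MAX_LEN - 1);
        return 1;
    }
    printf("job name: %s\n", name);
    return 0;
}
```

In a setuid root program the unchecked form matters more than usual, because whatever the overwritten stack makes the program do is done with root privileges.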


