Date: Mon, 17 Feb 1997 16:08:37 -0800 From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: Charles Mott <cmott@srv.net> Cc: "David O'Brien" <obrien@NUXI.com>, Michael Smith <msmith@atrad.adelaide.edu.au>, freebsd-chat@freebsd.org Subject: Re: Countering stack overflow Message-ID: <28127.856224517@time.cdrom.com> In-Reply-To: Your message of "Mon, 17 Feb 1997 13:28:52 MST." <Pine.BSF.3.91.970217132230.2620A-100000@darkstar>
next in thread | previous in thread | raw e-mail | index | archive | help
> This is the final post of a long back and forth exchange. I'm sorry my > terminology is not up to your standards, but I think if you read the > entire thread, you will see that my understanding is fairly clear. Do > your homework before making an obnoxious statement. > > The fact that FreeBSD is so easily exploited by stack overflow > techniques, when the method has been widely known for probably a decade > is the real tragedy here. Boys, boys, please calm down! :-) To put the matter even more in perspective, RTFM (Robert T Fuckin' Morris) did not invent the exploits used in his worm, they came from security advisory information he became privy to through his *father's* involvement as head of ARPAnet security, or whatever the exact title of Bob Morris's position was. I don't think that the father was actually tossing this kind of stuff down in front of his son directly, but sone somehow got ahold of it and the rest is history. My point? These sorts of problems have been around since the 70's, when Bob Morris was collecting his security advisories. They've probably popped up in TOPS, ITS, Twenex, VMS and every OS in-between, and I daresay that many are probably *still there*. This is a problem as old as programming, and to castigate the FreeBSD team specifically for it is just silly. Sure, everyone knows about the famous fingerd hole and the problem of stack overflow in general - why do you think gets() started spewing out that obnoxious warning a long time back? Knowing about a problem, like stack overflow or goto abuse or improper indentation or any of a thousand different programmer evils does NOT somehow automatically prevent such problems from reoccuring in the future, and I don't care who the programmer is or what the operating system under discussion might be - as long as humans are doing the programming, all are vulnerable to a repetition of history. Jordan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?28127.856224517>