From owner-freebsd-chat Mon Feb 17 12:34:06 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA12697 for chat-outgoing; Mon, 17 Feb 1997 12:34:06 -0800 (PST)
Received: from darkstar (ras617.srv.net [205.180.127.117]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id MAA12688 for ; Mon, 17 Feb 1997 12:33:53 -0800 (PST)
Received: (from cmott@localhost) by darkstar (8.6.12/8.6.12) id NAA02628; Mon, 17 Feb 1997 13:28:54 -0700
Date: Mon, 17 Feb 1997 13:28:52 -0700 (MST)
From: Charles Mott
X-Sender: cmott@darkstar
To: "David O'Brien"
cc: Michael Smith , freebsd-chat@FreeBSD.ORG
Subject: Re: Countering stack overflow
In-Reply-To: <19970217122022.XX15588@dragon.nuxi.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-chat@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 17 Feb 1997, David O'Brien wrote:

> Charles Mott writes:
> > I see two major categories of security vulnerabilities:
> >
> > (1) A backdoor which trivially allows someone to become
> > a superuser, bypassing all the normal passwords, security
> > and authentication.
> >
> > (2) Data and file manipulation/corruption leading to either
> > poor system reliability or compromise of privacy
> >
> > Category (1) is far more serious, and seems to warrant some broad and
>
> (1) is NOT a vulnerability (as you've stated it). A "backdoor" is
> something purposely installed, and is doing what it intended to do.
> Vulnerabilities are things like race conditions, buffer overflows, etc.
>
> Please do your homework first, then write back.

This is the final post of a long back and forth exchange. I'm sorry my
terminology is not up to your standards, but I think if you read the
entire thread, you will see that my understanding is fairly clear. Do
your homework before making an obnoxious statement.

The fact that FreeBSD is so easily exploited by stack overflow
techniques, when the method has been widely known for probably a decade
is the real tragedy here. I have to laugh at people like you a little
bit. I got the same garbage thrown in my face when I started the ppp
packet aliasing project.