From owner-freebsd-security  Sun Feb  9 16:07:19 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id QAA20473
          for security-outgoing; Sun, 9 Feb 1997 16:07:19 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id QAA20467
          for <freebsd-security@freebsd.org>; Sun, 9 Feb 1997 16:07:14 -0800 (PST)
Received: from rover.village.org [127.0.0.1] 
	by rover.village.org with esmtp (Exim 0.56 #1)
	id E0vtjGr-0004Gc-00; Sun, 9 Feb 1997 17:06:57 -0700
To: Marc Slemko <marcs@znep.com>
Subject: Re: buffer overruns 
Cc: freebsd-security@freebsd.org
In-reply-to: Your message of "Sun, 09 Feb 1997 14:26:31 MST."
		<Pine.BSF.3.95.970209140207.11077I-100000@alive.ampr.ab.ca> 
References: <Pine.BSF.3.95.970209140207.11077I-100000@alive.ampr.ab.ca>  
Date: Sun, 09 Feb 1997 17:06:56 -0700
From: Warner Losh <imp@village.org>
Message-Id: <E0vtjGr-0004Gc-00@rover.village.org>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <Pine.BSF.3.95.970209140207.11077I-100000@alive.ampr.ab.ca> Marc Slemko writes:
: While that is currently one of the most popular methods of exploiting
: overflows, it is important to remember that is _not_ the only method;

Yes /tmp races are also fun.  There are a bunch of orthers too: not
dripping privs, revoking privs incorrectly, etc. So are using features
indented for another purpose to hide, conceal or conquer. :-)  Most of
the sendmail and lpr/lpd bugs fall into this last category.

Warner