From owner-freebsd-security Sat Dec 14 13:30:25 1996
Return-Path:
Received: (from root@localhost)
        by freefall.freebsd.org (8.8.4/8.8.4) id NAA14875
        for security-outgoing; Sat, 14 Dec 1996 13:30:25 -0800 (PST)
Received: from destiny.erols.com (someone@destiny.erols.com [207.96.73.65])
        by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id NAA14864;
        Sat, 14 Dec 1996 13:30:21 -0800 (PST)
Received: from localhost (jdowdal@localhost)
        by destiny.erols.com (8.8.4/8.6.12) with SMTP id QAA20784;
        Sat, 14 Dec 1996 16:28:37 -0500 (EST)
Date: Sat, 14 Dec 1996 16:28:36 -0500 (EST)
From: John Dowdal
To: proff@suburbia.net
cc: Steve Reid , hackers@freebsd.org, security@freebsd.org
Subject: Re: questions...
In-Reply-To: <19961214204416.972.qmail@suburbia.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 15 Dec 1996 proff@suburbia.net wrote:

> Unfortunately this isn't a total cure, because there are 1001 stack overflows
> in NON-suid programs.

So what. The programs will just core dump if they stack overflow, else
just not work right. Since they are not SUID and not run as root [inetd,
...], they won't be able to get root if they blow up.

John