From owner-freebsd-security Tue Jul 21 15:16:35 1998
Return-Path:
Received: (from majordom@localhost)
	by hub.freebsd.org (8.8.8/8.8.8) id PAA27065
	for freebsd-security-outgoing; Tue, 21 Jul 1998 15:16:35 -0700 (PDT)
	(envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from indigo.ie (nsmart@ts01-022.dublin.indigo.ie [194.125.134.32])
	by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA27054
	for ; Tue, 21 Jul 1998 15:16:23 -0700 (PDT)
	(envelope-from rotel@indigo.ie)
Received: (from nsmart@localhost)
	by indigo.ie (8.8.8/8.8.7) id XAA02709;
	Tue, 21 Jul 1998 23:10:27 +0100 (IST)
	(envelope-from rotel@indigo.ie)
From: Niall Smart
Message-Id: <199807212210.XAA02709@indigo.ie>
Date: Tue, 21 Jul 1998 23:10:27 +0000
In-Reply-To: <8496.900909928@time.cdrom.com>; "Jordan K. Hubbard"
Reply-To: rotel@indigo.ie
X-Files: The truth is out there
X-Mailer: Mail User's Shell (7.2.6 beta(3) 11/17/96)
To: "Jordan K. Hubbard" , Brett Glass
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Cc: dg@root.com, Warner Losh , Archie Cobbs , security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Jul 19, 9:45pm, "Jordan K. Hubbard" wrote:
>
> Seriously, that code had so many potential exploits and stack
> overflows that I seriously doubt all the stack protection in the world
> would have saved you. It didn't need a band-aid, it needed a thorough
> audit which now, after all the horses have escaped the barn, seems to
> finally be happening.

Auditing isn't the answer to programs which have been maldesigned and
malimplemented right from the very beginning, rm is. Sometimes programs
reach a point of no return, at which the only sensible thing to do is
start again with the benefit of experience. Sendmail and QMail are good
examples of the former and latter.

Niall

-- 
Niall Smart.
PGP: finger njs3@motmot.doc.ic.ac.uk
FreeBSD: Turning PC's into Workstations: www.freebsd.org