Re: ddd smashed

From: l0rtamus Prime (simon@micron.snosoft.com)
Date: 01/16/02


Date: Wed, 16 Jan 2002 17:42:51 -0500 (EST)
From: l0rtamus Prime <simon@micron.snosoft.com>
To: Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>

Indeed,
         I never said this was a serious problem, yet it is still a
problem. If I am able to smash a stack in somthing then I feel that it is
worth telling others about. I can't think of any instance where this
would be useful (yet) but who am I to say that no one else can? I would
rather post something and have others confirm that it is useless, than not
post something because I assume that it is useless.

-l0rt-

---------------------------------------------------------------------
Disclaimer: Any resemblance between the above views and those of
my employer, my terminal, or the view out my window are purely
coincidental. Any resemblance between the above and my own views is
non-deterministic. The question of the existence of views in the
absence of anyone to hold them is left as an exercise for the reader.
The question of the existence of the reader is left as an exercise for
the second god coefficient. (A discussion of non-orthogonal,
non-integral polytheism is beyond the scope of this article.)
---------------------------------------------------------------------

On Wed, 16 Jan 2002, Pavel Kankovsky wrote:

> On 16 Jan 2002, l0rt wrote:
>
> > Why would anyone want to do it? None the less it is still a problem/bug
> > that should be fixed. If you choose to be ignorant and assume that
> > people do not do stupid things then please do not try to force that on
> > me.
>
> What I want to say is that this bug is irrelevant from the security POV
> because the mere fact you allow someone to start debugger as, say, root,
> gives the user in question full control over the superuser (do you know
> there is a "shell" command in gdb) and there is no need to exploit buffer
> overflows in ddd.
>
> --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
> "Resistance is futile. Open your source code and prepare for assimilation."
>
>
>



Relevant Pages

  • mpg321
    ... Any resemblance between the above and my own views is ... The question of the existence of views in the ... absence of anyone to hold them is left as an exercise for the reader. ...
    (Vuln-Dev)
  • Re: interpreting netstat -s
    ... Any resemblance between the above views and those of my employer, ... question of the existence of views in the absence of anyone to hold them ... the reader is left as an exercise for the second god coefficient. ...
    (comp.unix.bsd.openbsd.misc)
  • Re: Male Cyclists Doomed To Become Impotent ?
    ... resemblance between the above and my own views is non-deterministic. ... question of the existence of views in the absence of anyone to hold them ... the reader is left as an exercise for the second god coefficient. ...
    (rec.bicycles.misc)
  • Re: Have I watched B5 too many times?
    ... Any resemblance between the above views and those of my ... The question of the existence of views in the ... absence of anyone to hold them is left as an exercise for the reader. ...
    (rec.arts.sf.tv.babylon5.moderated)
  • How Were Those Tables Computed?
    ... Even more remarkable than the existence of such tables, ... I leave it as an exercise for the reader, ... Prev by Date: ...
    (sci.math)