Re: Stack Smashing and no-exec

Kragen (kragen@pobox.com)
Fri, 7 Aug 1998 18:27:37 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Albert D. Cahalan: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"
Previous message: Hans Reiser: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"

On Fri, 7 Aug 1998, Chip Salzenberg wrote:
> According to Kragen:
> > You say "poorly written". The trouble is, essentially all setuid
> > programs or as-root-running daemons are poorly-written enough to have
> > buffer-overflows in them. The only one I know about that hasn't had
> > them yet is qmail-lspawn.
>
> Perl 5.004? It's the first version I worked on; I think we got them
> all excised. OTOH, we had to reimplement sprintf() to do it.

Well, I didn't mean all versions of all setuid programs or root
daemons. After all, someone could point to the latest version of
almost any security-sensitive program and say that all buffer overflows
have been fixed.

My point was that the level of "poorly written" required to allow
buffer overflows is very low, so much so that even Perl has had
instances thereof.

I should also exempt programs written in safe languages; I'm sure that
(barring buggy compilers or interpreters) all programs written in Ada,
(bounds-checked) Pascal, (bounds-checked) Fortran, (bounds-checked)
Algol, Lisp, Scheme, Perl, Python, or Java will be safe.

Kragen

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: Albert D. Cahalan: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"
Previous message: Hans Reiser: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"