Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <tech-kern@netbsd.org>
From: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
List: tech-kern
Date: 12/01/2000 11:05:26
--mP3DRpeJDSE+ciuQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Thu, Nov 30, 2000 at 09:48:30PM -0500, Greg A. Woods wrote:
> No, not good at all, but also not in any way related to any set-ID
> issues (unless of course the mailer is running set-ID, which of course
> is a pretty brain-dead thing to do these days!). That's just a case of
> sanitizing normal user-provided data before acting upon it --
> i.e. robust programming.
Agreed, every single workd that I cited, and most of the words furtheron
in your message that I didn't cite.
But you claimed before that buffer overflows are no vital problem if they
can't create a root exploit, and I told you that in my world, buffer
overflows are a vital problem even for non-root.
Yes, root exploits are bad... root can do everything evil to a machine,
including reading vital data. But you don't need root to read vital data,
you only need the id that owns them.
Regards,
Ignatios
--mP3DRpeJDSE+ciuQ
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: 2.6.i
iQEVAgUBOid34TCn4om+4LhpAQH6nwf/afYPNnAib7yr7uFswSPhm9x5BIr9rmUQ
m4mdBRLtM0SVAMc0bLxFqoy0ZrRa3MW6JIafMjTonTSdFeiOBUEypiVD8WzohP9W
yQANxOpoctwYot9DDPo5CNlFijWgtudzVNW9lIhVFf5+NSHMQ9ziHr0v16sNJAkw
2ZhMqI0mLWpNK0mVCDhb0yS99enyV0JT5QcGkylAYwhhCOnGyPR1Wpdt5Lw6nukr
2A6YOtY6IzqQJfS8JFi21DmmHedAvIcaQy70Oz6/KcIOPTLs8qU954+kj+3FYkfG
f2bArhBrk/FWOKDUlVrYiZlsqBy6TgMVwxDiUM/mF8ruHoWlsAb+YA==
=vrxs
-----END PGP SIGNATURE-----
--mP3DRpeJDSE+ciuQ--