Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <tech-kern@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: tech-kern
Date: 12/01/2000 11:42:08
[ On Friday, December 1, 2000 at 11:05:26 (+0100), Ignatios Souvatzis wrote: ]
> Subject: Re: Addition to force open to open only regular files
>
> But you claimed before that buffer overflows are no vital problem if they
> can't create a root exploit, and I told you that in my world, buffer
> overflows are a vital problem even for non-root.

Yes, sorry, I meant that buffer overflow types of expoits wouldn't be
effective only in the context of set-ID programs.  Certainly they're
still dangerous where a program run by one user is handling data
produced by another user (and of course that could be most any program
in the right circumstances).

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>