On 16 Jan 2002, l0rt wrote: > Why would anyone want to do it? None the less it is still a problem/bug > that should be fixed. If you choose to be ignorant and assume that > people do not do stupid things then please do not try to force that on > me. What I want to say is that this bug is irrelevant from the security POV because the mere fact you allow someone to start debugger as, say, root, gives the user in question full control over the superuser (do you know there is a "shell" command in gdb) and there is no need to exploit buffer overflows in ddd. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 13:19:26 PST