Indeed, I never said this was a serious problem, yet it is still a problem. If I am able to smash a stack in somthing then I feel that it is worth telling others about. I can't think of any instance where this would be useful (yet) but who am I to say that no one else can? I would rather post something and have others confirm that it is useless, than not post something because I assume that it is useless. -l0rt- --------------------------------------------------------------------- Disclaimer: Any resemblance between the above views and those of my employer, my terminal, or the view out my window are purely coincidental. Any resemblance between the above and my own views is non-deterministic. The question of the existence of views in the absence of anyone to hold them is left as an exercise for the reader. The question of the existence of the reader is left as an exercise for the second god coefficient. (A discussion of non-orthogonal, non-integral polytheism is beyond the scope of this article.) --------------------------------------------------------------------- On Wed, 16 Jan 2002, Pavel Kankovsky wrote: > On 16 Jan 2002, l0rt wrote: > > > Why would anyone want to do it? None the less it is still a problem/bug > > that should be fixed. If you choose to be ignorant and assume that > > people do not do stupid things then please do not try to force that on > > me. > > What I want to say is that this bug is irrelevant from the security POV > because the mere fact you allow someone to start debugger as, say, root, > gives the user in question full control over the superuser (do you know > there is a "shell" command in gdb) and there is no need to exploit buffer > overflows in ddd. > > --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] > "Resistance is futile. Open your source code and prepare for assimilation." > > >
This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 14:44:48 PST