Re: StackGuard
On Mon, Nov 09, 1998 at 03:31:08PM -0500, Avery Pennarun wrote:
> Actually, only daemons running as root, and setuid programs would
> need to be compiled with stackguard. Other programs are just as
> vulnerable to stack overflows, but there's not much point in me
> crashing my own copy of ls :)
> Now, how many daemons are still around that run as root... as few as
> possible :)
You also have to look at what programs root runs on tainted data.
Remember the big fiasco with 'update' or whatever it was a while ago?
Didn't it turn out to be 'find' or something? Don't recall the
specifics, but it certainly wasn't an suid program.
I concur with the idea that it should be looked upon as a port.
--
David Welton http://www.efn.org/~davidw
Debian GNU/Linux - www.debian.org
Reply to:
- References:
- StackGuard
- From: Enrico Cherubini <kevin@arena.sci.univr.it>
- Re: StackGuard
- From: "J.H.M. Dassen \(Ray\)" <jdassen@wi.leidenuniv.nl>
- Re: StackGuard
- From: Avery Pennarun <apenwarr@worldvisions.ca>