Re: Backport of the integer overflow in the brk system call
On Tue, 2003-12-02 at 17:31, Tom wrote:
> On Tue, Dec 02, 2003 at 11:06:44PM +0800, Isaac To wrote:
> > rather far from changing anything in the kernel memory. Andreas is
> > definitely right that the hole doesn't look like that it is that dangerous.
>
> It messed up your life for a couple weeks.
>
> Jesus, it's not the end of the world, but that's the way Microsoft (used
> to | still) thinks.
>
> If it wasn't a big deal we wouldn't be talking about it. It shut down
> servers. It's dangerous enough.
>
Of course it is a dangerous hole. As you say that has already been
shown.
But the point was that it didn't _look_ dangerous when the bug was
discovered. Had it looked dangerous, a security update would have been
issued.
/Jens
Reply to: