Re: Backport of the integer overflow in the brk system call
On Tue, Dec 02, 2003 at 01:28:28PM -0800, Tom wrote:
> On Tue, Dec 02, 2003 at 08:51:50PM +0100, Andreas Rottmann wrote:
> > Tom <firstname.lastname@example.org> writes:
> > > On Tue, Dec 02, 2003 at 11:06:44PM +0800, Isaac To wrote:
> > >> rather far from changing anything in the kernel memory. Andreas is
> > >> definitely right that the hole doesn't look like that it is that dangerous.
> > >
> > [snip]
> > >
> > > If it wasn't a big deal we wouldn't be talking about it. It shut down
> > > servers. It's dangerous enough.
> > >
> > Note the "looks like".
> I read all the words but took a completely different meaning :-)
> I'm from the South, we have different speech patterns...
South of where?
> "the hole doesn't look like that it is that dangerous"
> means something different than
> "the hole doesn't look like that it is dangerous"
> in my ears ...
> "that" is diminutive in my dialect if you don't put emphasis on it :-)
As far as security goes, we have to take 'dangerous' to mean
exactly that, diminutive or not. But if it didn't look like
a vulnerability then we can't blame anyone for missing it.
--- Geoff Richards -------------><-------------- http://ungwe.org/ ---
"I tried to fling my shadow at the moon,
The while my blood leapt with a wordless song." -- Theodore Roethke