[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Backport of the integer overflow in the brk system call

On Wed, 3 Dec 2003 10:20, Andrew Pollock <debian-lists@andrew.net.au> wrote:
> What bugs the hell out of me is that people with nothing better to do with
> their time can sit on the lkml and watch what's getting fixed, and put more
> analysis into individual fixes than the kernel maintainers themselves can,
> and cook up an exploit for what all and sundry previously believed to be
> reasonably benign.
>
> I love the bazaar development model, but I see this as a serious flaw with
> it...

Of course someone could look at the MS fixes and do some decompilation for a 
similar result.  Sure it would be more difficult to analyse the assembler 
code produced from decompilation than to analyse C source, but OTOH there is 
no possibility for other people to try to fix bugs either.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
Reply to: