
Re: Backport of the integer overflow in the brk system call



On Tue, Dec 02, 2003 at 01:28:28PM -0800, Tom wrote:
> On Tue, Dec 02, 2003 at 08:51:50PM +0100, Andreas Rottmann wrote:
> > Tom <tb.31123.nospam@comcast.net> writes:
> > 
> > > On Tue, Dec 02, 2003 at 11:06:44PM +0800, Isaac To wrote:
> > >> rather far from changing anything in the kernel memory.  Andreas is
> > >> definitely right that the hole doesn't look like that it is that dangerous.
> > >
> > [snip]
> > >
> > > If it wasn't a big deal we wouldn't be talking about it.  It shut down 
> > > servers.  It's dangerous enough.
> > >
> > Note the "looks like".
> 
> I read all the words but took a completely different meaning :-)
> I'm from the South, we have different speech patterns...

South of where?

> "the hole doesn't look like that it is that dangerous"
> means something different than
> "the hole doesn't look like that it is dangerous"
> in my ears ...
> 
> "that" is diminutive in my dialect if you don't put emphasis on it :-)

As far as security goes, we have to take 'dangerous' to mean
exactly that, diminutive or not.  But if it didn't look like
a vulnerability then we can't blame anyone for missing it.

-- 

--- Geoff Richards -------------><-------------- http://ungwe.org/ ---
"I tried to fling my shadow at the moon,
 The while my blood leapt with a wordless song."  --  Theodore Roethke


