buffer overruns was Re: FW: SECURITY WATCH

Kirk Wood cpt.kirk at 1tree.net
Fri Jun 30 14:06:22 EDT 2000


A buffer overrun occurs durring input of data. The program requests some
information which is then passed to a variable. But if the variable is not
designed to contain as much data as is attempted to place into it, it runs
out the end and can cover memory that was for other things. This could in
some cases allow the excess to become executing code. Mostly it causes the
program (and sometimes system) to crash.

On a Unix system (including Linux and other variants) if this happens with
a program that runs as root, then the person who caused the problem may
end up in a shell with the access from the program (or root).

But, most of these security holes have been patched because the source is
available and people go looking for such possibilities. Understand that
some of the holes that are published are theoretical. Nobody has actually
made it to root access. The code just suggests that it could be
done. Then, when you have a proprietary system, the same hole may show up
in the next version. Not that I would point out any MSlop flaws mind you.

-- 
Kirk Wood
Cpt.Kirk at 1tree.net
------------------

Seek simplicity -- and distrust it.
		Alfred North Whitehead






More information about the Speakup mailing list