Bugtraq mailing list archives
Re: EMERGENCY: new remote root exploit in UW imapd
From: kragen () POBOX COM (Kragen)
Date: Fri, 17 Jul 1998 10:14:47 -0400
On Thu, 16 Jul 1998, Craig Spannring wrote:
Anonymous writes: > In some ways, it is depressing to find this new hole. Programmers are > still making the same mistakes they have made for years. Doesn't anyone > learn from the past? Can strcpy() ever be used safely? Perhaps the > software development community, and certainly those writing network service > daemons that run as root, should discontinue using *any* C library C should not be used for trusted programs. The lack of true arrays with array bounds checking alone makes it too hazardous.
Many of the people on this list already know this, but there are experimental bounds-checking extensions to gcc that do exactly what you're looking for: The first work I know of on bounds-checking for gcc was done by Richard W. M. Jones and Paul Kelly, and is at http://www.doc.ic.ac.uk/~phjk/BoundsChecking.html Greg McGary <gkm () eng ascend com> did some other work. Announcement: http://www.cygnus.com/ml/egcs/1998-May/0073.html Richard Jones and Herman ten Brugge did other work. Announcement: http://www.cygnus.com/ml/egcs/1998-May/0557.html Greg compares different approaches in http://www.cygnus.com/ml/egcs/1998-May/0559.html Kragen
Current thread:
- EMERGENCY: new remote root exploit in UW imapd Anonymous (Jul 16)
- Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 16)
- Re: EMERGENCY: new remote root exploit in UW imapd Perry E. Metzger (Jul 16)
- Writing safe code: Java? (was: Re: EMERGENCY: new remote root Art Werschulz (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Alec Kosky (Jul 16)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 17)
- Buffer overflows. was Re: EMERGENCY: new remote root exploit in Craig Spannring (Jul 17)
- Re: Buffer overflows. was Re: EMERGENCY: new remote root exploit Geoffrey KEATING (Jul 19)
- Re: EMERGENCY: new remote root exploit in UW imapd FanLi Tai (Jul 18)
- Re: EMERGENCY: new remote root exploit in UW imapd Brett Lymn (Jul 19)
- Re: EMERGENCY: new remote root exploit in UW imapd Perry E. Metzger (Jul 16)
- SECURITY: imap-4.1.final now available twiztah (Jul 16)
- Verity/Search'97 Security Problems Jay Soffian (Jul 16)
- New Java Security Flaw Found Gary McGraw (Jul 17)
- Re: New Java Security Flaw Found Greg Alexander (Jul 18)
- Re: New Java Security Flaw Found Sean Garagan (Jul 20)
- Fwd: Security warning: Netscape 4.0x https & Squid 1.2beta proxy Fred Donck (Jul 20)
- Re: New Java Security Flaw Found Greg Alexander (Jul 18)
(Thread continues...)
- Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 16)