Bugtraq mailing list archives
Re: response to the bugtraq report of buffer overruns in imapd LISTcommand
From: peter () GRENDEL ENG BAILEYNM COM (Peter da Silva)
Date: Mon, 17 Apr 2000 21:09:40 -0500
In article <MailManager.956006273.15421.mrc () ikkoku-kan panda com>, Mark Crispin <MRC () CAC WASHINGTON EDU> wrote:
> If you have a "closed" system (which is the only type of system where this
> bug matters), a much better solution is to insert the following instruction
> in routine pw_login() in env_unix.c:
>
>     if (chroot (home ? home : ANONYMOUSHOME)) chroot ("/tmp");

(1) Shouldn't this be:

    if (chroot (home ? home : ANONYMOUSHOME)) log_fatal_error_and_exit;

(2) Being able to execute arbitrary code on a TCP/IP-connected system, even from a chrooted "jail", may be worthwhile. One can mount attacks on other systems, possibly in a DMZ, and at any rate get another host to run DDOS software on.

(3) Defense in depth. If you find a hole, you close it, that way any hole behind this one can't be exploited.

> Another important measure is to use StackGuard. I am very surprised at the
> implication that RedHat doesn't use StackGuard. Is that really true?

StackGuard is another example of defense-in-depth.
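Point (1) of the reply above, written out as an added example (not code from the message or from imapd): a hypothetical helper, enter_jail(), that treats a failed chroot() as fatal to the session instead of falling back to another directory. The chdir("/") and privilege-drop steps go beyond what the thread discusses, and the path and uid/gid used in main() are constructed.

```c
#define _DEFAULT_SOURCE            /* glibc: declare chroot() */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum jail_result { JAIL_OK = 0, JAIL_ECHROOT, JAIL_ECHDIR,
                   JAIL_EGID, JAIL_EUID, JAIL_EROOT };

/* Hypothetical helper: enter `dir` as a jail, then drop to uid/gid.
 * Every failure is returned to the caller, which must end the session.
 * There is deliberately no fallback directory. */
enum jail_result enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || uid == 0)   /* a process left as root can leave a chroot */
        return JAIL_EROOT;
    if (chroot(dir) != 0)          /* the check point (1) asks for */
        return JAIL_ECHROOT;
    if (chdir("/") != 0)           /* otherwise cwd still points outside the jail */
        return JAIL_ECHDIR;
    if (setgid(gid) != 0)          /* group first, while still privileged */
        return JAIL_EGID;
    if (setuid(uid) != 0)
        return JAIL_EUID;
    if (setuid(0) == 0)            /* root must not be recoverable afterwards */
        return JAIL_EROOT;
    return JAIL_OK;
}

int main(void)
{
    /* Constructed input: a directory that does not exist, arbitrary uid/gid. */
    enum jail_result r = enter_jail("/nonexistent/jail/dir", 65534, 65534);
    if (r != JAIL_OK) {
        fprintf(stderr, "jail setup failed at step %d (%s); refusing login\n",
                (int)r, strerror(errno));
        return 1;                  /* fail closed: no session outside a jail */
    }
    puts("jailed");
    return 0;
}
```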