Vulnerability Development mailing list archives
Re: stackguard-like embedded protection
From: Greg KH <greg () WIREX COM>
Date: Tue, 5 Sep 2000 21:57:27 -0700
On Tue, Sep 05, 2000 at 05:09:20PM +0200, typo () INFERNO TUSCULUM EDU wrote:
where's the need for research? i've made glibc rpms without %n the day the first format bugs went to bugtraq, and had them installed on all of my [linux] machines since then...
That doesn't solve much, as there are a bunch of programs out there that actually _use_ the '%n' modifier legitimately. Once the format bugs came out, I did a scan of all of the source code on a RedHat box. There are more programs that use '%n' than I expected. I can dig up the list if people want. So a "real" solution can't just ignore the C Standard. And just removing '%n' isn't a "real" solution. greg k-h -- greg@(kroah|wirex).com
Current thread:
- stackguard-like embedded protection antirez (Sep 04)
- Re: stackguard-like embedded protection antirez (Sep 04)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Greg KH (Sep 05)
- Re: stackguard-like embedded protection antirez (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection typo (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 05)
- Re: stackguard-like embedded protection Benjamin Karas (Sep 05)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Greg KH (Sep 05)
- Re: stackguard-like embedded protection Juliano Rizzo (Sep 06)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 05)
- Re: stackguard-like embedded protection H D Moore (Sep 05)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 06)
- Re: stackguard-like embedded protection Slawek (Sep 07)
- Re: stackguard-like embedded protection antirez (Sep 04)
- Re: stackguard-like embedded protection antirez (Sep 08)
- Message not available
- Re: stackguard-like embedded protection antirez (Sep 12)