Bugtraq mailing list archives
Re: Smashing the Stack: prevention?
From: bofh () SNOOPY VIRTUAL NET AU (Russell Coker)
Date: Mon, 28 Apr 1997 19:04:52 +1100
> 1. 'you gotta change the code'
> These are just plugs in the bursting dike. The problem is not that privileged code is insecure. The problem is that there is too much privileged code.
I agree. For example, I'd like to know why almost everyone runs sendmail as root. It seems that Sendmail has more security holes than most other server software for the UNIX platform combined, yet it gets run with the highest privilege level!

I've got Sendmail running on my servers without any root access. Here's a web page explaining what I did:
http://www.virtual.net.au/~rjc/sendmail.html

If you have any suggestions to improve my Sendmail setup then please let me know.

Russell Coker