Bugtraq mailing list archives
Re: EMERGENCY: new remote root exploit in UW imapd
From: easmith () BEATRICE RUTGERS EDU (Allen Smith)
Date: Mon, 20 Jul 1998 21:13:31 -0400
On Jul 16, 11:04pm, Perry E. Metzger (possibly) wrote:
Craig Spannring writes:C should not be used for trusted programs.Unfortunately, there are not really good open source alternatives. GCC is everywhere. One thing that I wonder about, though, is that several years ago, some guy in the U.K. did a bounds checking version of GCC. It would be Very Neat if someone were to track that down and get the egcs people to make it available.
http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html This is for 2.7.2. Be forewarned that it results in _very_ slow programs - an example was cited on the FreeBSD-security mailing list as follows (Don.Lewis () tsc tdk com): |It may be worse than that. In a desparate attempt to track down a |bug in BIND, I recompiled it with the bounds checking version of |gcc. On a fairly zippy machine, it took about half an hour to load |a few zones with a total of a few hundred hosts. Under light query |load it was gobbling about 30% of the CPU. |In the situations where I've used code compiled this way, it seems |to average about a factor of 20 more expensive in terms of CPU usage.
In the long run, I'm hoping for Java front ends for GCC that make it possible to do reasonable open source programming in a reasonable language. Until then...
I'd add that a Perl compiler is in development. -Allen -- Allen Smith easmith () beatrice rutgers edu
Current thread:
- Re: Bounds Checking, (continued)
- Re: Bounds Checking Andrew McNaughton (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Andy Church (Jul 17)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Craig Spannring (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd matt (Jul 17)
- Re: EMERGENCY: new remote root exploit in UW imapd Niall Smart (Jul 17)
- Bounds checking - historical aside Russell Fulton (Jul 20)
- Re: Bounds checking - historical aside Brett Glass (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Alex Belits (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Bounds checking - historical aside Russell Fulton (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Allen Smith (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Allanah Myles (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Dave Andersen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Jim Greene (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Peter Jeremy (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd IBS / Andre Oppermann (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd Adam Shostack (Jul 23)
- Security Bulletins Digest vtmue () HEAVEN RUF UNI-FREIBURG DE (Jul 23)
- Apache 1.3.1 Released! Aleph One (Jul 23)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd Alex Le Heux (Jul 22)
(Thread continues...)