Full Disclosure mailing list archives

RE: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution

From: Steve Wray <steve.wray () paradise net nz>
Date: Thu, 19 Feb 2004 07:05:34 +1300

[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
gabriel rosenkoetter

[snip]


Oh, give me a break. Some developer went, "Oh, hey, I'm not bounds
checking there. Okay, fix that," and the changes filtered out into
the release of IE.


I'm curious. As a non-C programmer, is there ever a reason to
*not* do bounds checking? (I mean outside of intensely performance
critical applications like realtime control systems (which would
probably be better in assembly anyway). I don't count an OS or a
web browser as 'intensely performance critical'; they are, rather,
'intensely security and stability critical').

Thanks!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Microsoft source code "leak", (continued)
- - Re: Microsoft source code "leak" Joshua Levitsky (Feb 15)
- Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution KF (Feb 15)
  - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 15)
    - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution KF (Feb 15)
    - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 15)
    - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Byron Copeland (Feb 15)
    - RE: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Aditya, ALD [Aditya Lalit Deshmukh] (Feb 16)
    - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 17)
    - Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution gabriel rosenkoetter (Feb 18)
    - Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Dave Sherohman (Feb 18)
    - RE: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Steve Wray (Feb 18)
    - Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Tim (Feb 18)
    - Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution gabriel rosenkoetter (Feb 18)
    - Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Tim (Feb 18)
    - Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution insecure (Feb 18)
    - RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Bill Royds (Feb 18)
    - Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Phil Brutsche (Feb 18)
    - RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Paul Schmehl (Feb 18)
    - Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution morning_wood (Feb 18)
    - Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Paul Schmehl (Feb 18)
    - RE: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution Byron Copeland (Feb 18)

(Thread continues...)