Re: ddd smashed

[Pavel Kankovsky <peak () argo troja mff cuni cz>]

On 16 Jan 2002, l0rt wrote:

> Why would anyone want to do it? None the less it is still a problem/bug
> that should be fixed. If you choose to be ignorant and assume that
> people do not do stupid things then please do not try to force that on
> me. 

What I want to say is that this bug is irrelevant from the security POV
because the mere fact you allow someone to start debugger as, say, root,
gives the user in question full control over the superuser (do you know
there is a "shell" command in gdb) and there is no need to exploit buffer
overflows in ddd.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."