Re: ddd smashed

[l0rtamus Prime <simon () micron snosoft com>]

Indeed,
        I never said this was a serious problem, yet it is still a
problem.  If I am able to smash a stack in somthing then I feel that it is
worth telling others about.  I can't think of any instance where this
would be useful (yet) but who am I to say that no one else can? I would
rather post something and have others confirm that it is useless, than not
post something because I assume that it is useless.


-l0rt-

---------------------------------------------------------------------
Disclaimer: Any resemblance between the above views and those of
my employer, my terminal, or the view out my window are purely
coincidental.  Any resemblance between the above and my own views is
non-deterministic.  The question of the existence of views in the
absence of anyone to hold them is left as an exercise for the reader.
The question of the existence of the reader is left as an exercise for
the second god coefficient.  (A discussion of non-orthogonal,
non-integral polytheism is beyond the scope of this article.)
---------------------------------------------------------------------

On Wed, 16 Jan 2002, Pavel Kankovsky wrote:

> On 16 Jan 2002, l0rt wrote:
>
> > Why would anyone want to do it? None the less it is still a problem/bug
> > that should be fixed. If you choose to be ignorant and assume that
> > people do not do stupid things then please do not try to force that on
> > me.
>
> What I want to say is that this bug is irrelevant from the security POV
> because the mere fact you allow someone to start debugger as, say, root,
> gives the user in question full control over the superuser (do you know
> there is a "shell" command in gdb) and there is no need to exploit buffer
> overflows in ddd.
>
> --Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
> "Resistance is futile. Open your source code and prepare for assimilation."