Re: libresolv+ bug

[proff () suburbia net (Julian Assange)]

> But, as we all know, that's not a particularly effective solution to the
> problem. The real problems, as I'm sure you'll agree, der Mouse, are that
> SUID programs aren't being written carefully enough, library routines that
> are potentially depended on by SUID programs aren't written with those
> security issues in mind, and, in general, most Unix OS's give
> "priveledged" programs that need to do one or two specific things far, far
> too much power.

> From what I have seen, stack exploits are considerably harder on Alpha
architecture as the mmu does not grant the stack exec permissions, and the
data space grows upwards, meaning that any over-written return address
must contain a NULL if you the trojan code there. Calling code in the
text segment, is still possible, if almost always futile.

--
"Of all tyrannies a tyranny sincerely  exercised for the good of its victims
 may be the most  oppressive.  It may be better to live under  robber barons
 than  under  omnipotent  moral busybodies,  The robber baron's  cruelty may
 sometimes sleep,  his cupidity may at some point be satiated; but those who
 torment us for own good  will torment us  without end,  for they do so with
 the approval of their own conscience."    -   C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO   | PO Box 2031 BARKER | Secret Analytic Guy Union        |
|proff () suburbia net   | VIC 3122 AUSTRALIA | finger for PGP key hash ID =     |
|proff () gnu ai mit edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+