Bugtraq mailing list archives
Re: EMERGENCY: new remote root exploit in UW imapd
From: peter.jeremy () ALCATEL COM AU (Peter Jeremy)
Date: Wed, 22 Jul 1998 07:49:54 +1000
On Mon, 20 Jul 1998 21:13:31 -0400, Allen Smith <easmith () BEATRICE RUTGERS EDU> wrote:
On Jul 16, 11:04pm, Perry E. Metzger (possibly) wrote:One thing that I wonder about, though, is that several years ago, some guy in the U.K. did a bounds checking version of GCC.http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html This is for 2.7.2. Be forewarned that it results in _very_ slow programs
AFAIK it is no longer maintained. It places a number of unfortunate restrictions on the code (it's incompatible with setjmp()/longjmp() and signal handlers require special treatment). I'm also aware of the following fairly serious bugs: - str[n]casecmp() doesn't work when either string contains characters with the MSB set (I have submitted patches to fix this). - side-effects in multi-dimensional array references are evaluated multiple times. In particular `foo[y++][x]' increments y by 2. (I can see why this is occurring, but not how to cleanly fix it). Peter -- Peter Jeremy (VK2PJ) peter.jeremy () alcatel com au Alcatel Australia Limited 41 Mandible St Phone: +61 2 9690 5019 ALEXANDRIA NSW 2015 Fax: +61 2 9690 5247
Current thread:
- Re: EMERGENCY: new remote root exploit in UW imapd, (continued)
- Re: EMERGENCY: new remote root exploit in UW imapd matt (Jul 17)
- Re: EMERGENCY: new remote root exploit in UW imapd Niall Smart (Jul 17)
- Bounds checking - historical aside Russell Fulton (Jul 20)
- Re: Bounds checking - historical aside Brett Glass (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Alex Belits (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 21)
- Bounds checking - historical aside Russell Fulton (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Allen Smith (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Allanah Myles (Jul 20)
- Re: EMERGENCY: new remote root exploit in UW imapd Dave Andersen (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Jim Greene (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Peter Jeremy (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd IBS / Andre Oppermann (Jul 21)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd Adam Shostack (Jul 23)
- Security Bulletins Digest vtmue () HEAVEN RUF UNI-FREIBURG DE (Jul 23)
- Apache 1.3.1 Released! Aleph One (Jul 23)
- Re: EMERGENCY: new remote root exploit in UW imapd Kragen (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd Alex Le Heux (Jul 22)
- Re: EMERGENCY: new remote root exploit in UW imapd D. J. Bernstein (Jul 28)
- Re: EMERGENCY: new remote root exploit in UW imapd der Mouse (Jul 28)
- Object tag crashes Internet Explorer 4.0 Georgi Guninski (Jul 28)
- Re: Object tag crashes Internet Explorer 4.0 Matt Rose (Jul 29)
- Object tag crashes Internet Explorer 4.0 Georgi Guninski (Jul 28)
(Thread continues...)