Re: response to the bugtraq report of buffer overruns in imapd LISTcommand

[peter () GRENDEL ENG BAILEYNM COM (Peter da Silva)]

In article <MailManager.956006273.15421.mrc () ikkoku-kan panda com>,
Mark Crispin  <MRC () CAC WASHINGTON EDU> wrote:
> If you have a "closed" system (which is the only type of system where this bug
> matters), a much better solution is to insert the following instruction in
> routine pw_login() in env_unix.c:
>   if (chroot (home ? home : ANONYMOUSHOME)) chroot ("/tmp");

(1) Shouldn't this be:

        if (chroot (home ? home : ANONYMOUSHOME)) log_fatal_error_and_exit;

(2) Being able to execute arbitrary code on a TCP/IP-connected system, even
    from a chrooted "jail", may be worthwhile. One can mount attacks on other
    systems, possibly in a DMZ, and at any rate get another host to run DDOS
    software on.

(3) Defense in depth. If you find a hole, you close it, that way any hole
    behind this one can't be exploited.

> Another important measure is to use StackGuard.  I am very surprised at the
> implication that RedHat doesn't use StackGuard.  Is that really true?

StackGuard is another example of defense-in-depth.