HP3000-L Archives

May 1997, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Lars Appel <[log in to unmask]>
Reply To: Lars Appel <[log in to unmask]>
Date: Tue, 13 May 1997 22:10:11 +0200
Content-Type: text/plain
At 10:27 12.05.1997 -0700, Gavin wrote:
>Unix sucks.
...
>Another example is record lengths. (...) Thus passing
>arbitrary binary data through programs that were designed to read
>only files containing well-formed text data leads to some
>interesting results.
...

Sometimes (more often than desirable) these "interesting results"
are called a "security hole" because the Unix program involved was one
of those that use the setuid or setgid permission bits to be run as
superuser (regardless of which user launched it) AND the "bad data"
can be cleverly constructed to "hijack" the process and have it do ugly
things...

Lars (oops, I hope I did not unveil well-kept secrets ;-)
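
The failure mode discussed in this message begins with a privileged program assuming its input is well-formed text of bounded length. As an added example (not part of the original thread), here is a C record reader that rejects overlong or non-text records instead of overflowing or silently truncating them; the status names, the 16-byte buffer and the ASCII-only rule are assumptions.

```c
#include <stdio.h>
/* Added example: status names, 16-byte buffer and ASCII-only rule are assumptions. */
enum rec_status { REC_OK, REC_EOF, REC_TOO_LONG, REC_BINARY };
/* Read one newline-terminated record into buf (capacity cap, always
 * NUL-terminated). An overlong or non-text record is consumed to its
 * end and rejected; nothing is ever written past buf. */
enum rec_status read_record(FILE *in, char *buf, size_t cap, size_t *len)
{
    size_t n = 0;
    int c, seen = 0;
    enum rec_status st = REC_OK;
    if (!in || !buf || !len || cap == 0) return REC_EOF;  /* unusable arguments */
    while ((c = fgetc(in)) != EOF && c != '\n') {
        seen = 1;
        if (c == '\0' || (c < 0x20 && c != '\t') || c >= 0x7f)
            st = REC_BINARY;                      /* not well-formed text */
        else if (n + 1 < cap)
            buf[n++] = (char)c;                   /* room left for byte + NUL */
        else if (st == REC_OK)
            st = REC_TOO_LONG;                    /* no room left: reject */
    }
    buf[n] = '\0';
    *len = n;
    return (c == EOF && !seen) ? REC_EOF : st;
}

/* Feed an in-memory sample through read_record via a temporary file;
 * stores each record's status in out and returns the record count. */
int scan_sample(const void *data, size_t n, int *out, int max)
{
    char buf[16];
    size_t len;
    int count = 0;
    enum rec_status st;
    FILE *f = tmpfile();
    if (!f) return -1;
    fwrite(data, 1, n, f);
    rewind(f);
    while (count < max && (st = read_record(f, buf, sizeof buf, &len)) != REC_EOF)
        out[count++] = (int)st;
    fclose(f);
    return count;
}

int main(void)
{
    /* Constructed sample: short line, 40-byte line, line with embedded NUL. */
    static const char s[] = "user=lars\n" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n" "ab\0cd\n";
    int st[8], n = scan_sample(s, sizeof s - 1, st, 8);
    for (int i = 0; i < n; i++) printf("record %d: status %d\n", i, st[i]);
    return n < 0;
}
```

A setuid or setgid program would treat any status other than `REC_OK` as a reason to stop processing that input, not as something to repair and continue with.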
