At 10:27 12.05.1997 -0700, Gavin wrote:
>Unix sucks.
...
>Another example is record lengths. (...) Thus passing
>arbitrary binary data through programs that were designed to read
>only files containing well-formed text data leads to some
>interesting results.
...
Sometimes (more often than desirable) these "interesting results"
are called "security hole" because the Unix program involved was one
of those that use the setuid or setgid permission bits to be run as
superuser (regardless of which user launched it) AND the "bad data"
can be cleverly constructed to "hijack" the process and have do ugly
things...
Lars (oops, I hope, I did not unveil well-kept secrets ;-)