Re: Pentium DEATH in user-mode

Richard Jones (richard@a42.deep-thought.org)
Mon, 10 Nov 1997 10:22:53 +1100


Oliver Xymoron <oxymoron@waste.org> wrote:
> On Sat, 8 Nov 1997, Richard B. Johnson wrote:
>
> > If your Pentium is used as a file-server or something in which a
> > user doesn't log in, you will have no problem. Just rename the gcc
> > compiler so someone can't write code on your system.
>
> Note that this bug means ANY buffer overflow bug, even on non-setuid apps,
> is now an entry point for an attacker to crash your machine. Got users on
> your system who wrote their own CGI apps in C?

Personally I would prefer that the system go down rather than have a remote
user give themselves a shell on my system. IMO if you have remotely exploitable
buffer overflows then DoS is the least of your problems, but then I guess it
depends on which direction your tolerances lie.

> Ouch. Let's make that
> non-executable stack patch part of the mainstream kernel.
>

Yup.

Richard Jones.