[39532] in Cypherpunks


Re: NYT on Netscape Crack

daemon@ATHENA.MIT.EDU (Ray Cromwell)
Wed Sep 20 00:08:38 1995

From: Ray Cromwell <rjc@clark.net>
To: perry@piermont.com
Date: Wed, 20 Sep 1995 00:03:04 -0400 (EDT)
Cc: jsw@neon.netscape.com, cypherpunks@toad.com
In-Reply-To: <199509200324.XAA03268@frankenstein.piermont.com> from "Perry E. Metzger" at Sep 19, 95 11:24:15 pm

> > 
> >   Sigh.  For your information the security code for 1.x versions of
> > netscape was not even written by someone from NCSA.
> 
> If there is ANY place in the code that I can do a data driven buffer
> overflow, I can force you to execute code that I supply. I don't give
> a damn if it's in the "security" code. It makes no difference where it
> is. If there is a chink, that's it -- you're meat.

  How would you do this if the buffer overflow happened in a buffer
which was allocated in a separate protected heap apart from stack
and executable data?

-Ray
