[408] in WWW Security List Archive
Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
daemon@ATHENA.MIT.EDU (Gintaras Richard Gircys (GG148))
Thu Feb 16 22:43:00 1995
From: "Gintaras Richard Gircys (GG148)" <rich@oester.com>
To: www-security@ns2.rutgers.edu
In-reply-to: Message from Wed, 15 Feb 1995 20:27:12 +0900.
<95Feb15.202725+0900_met.63660-2+15@dxal18.cern.ch>
Date: Thu, 16 Feb 1995 16:41:33 -0800
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> This is yet another UNIX screw up. A real O/S simply does not allow
> a process to write to its stack. And a real language would have automatic
> resource allocation for strings.
>
> Phill

And what do you suggest for a real OS? A real language? And how does a process
efficiently pass variables to functions if it can't write to its stack?
A special dedicated stack - I don't see where this is a UNIX screw up.
Similar problems are possible on non-UNIX systems; seems to me general
cure for something like this is bounds checking, which always ends up
being turned off cause of performance issues.

I've seen you bash UNIX any number of times before; I am really open
to a better way and want to hear your suggestions. But with respect to this
problem, UNIX has no monopoly, and to date is the best solution I have
for my needs until I am enlightened.

rich
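
Added example, not part of the original message and not code from NCSA httpd: the two remedies named in this exchange, written by hand in C. `copy_checked` is an explicit bounds check on a fixed-size stack buffer, and `dynstr_append` is a string whose storage grows with the data; both names, the 8-byte buffer and the sample request are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into a fixed-size buffer (for example one on the stack).
 * Returns 0 on success; if src plus its NUL does not fit, sets dst to ""
 * and returns -1 instead of truncating or overrunning. */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0) return -1;
    const char *end = memchr(src, '\0', dstsize); /* scan at most dstsize bytes */
    if (end == NULL) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Heap-backed string that grows on demand: allocation follows the data. */
struct dynstr { char *data; size_t len, cap; };

/* Append n bytes of src. Returns 0 on success, -1 on size overflow or
 * allocation failure (existing contents stay valid in both cases). */
int dynstr_append(struct dynstr *s, const char *src, size_t n)
{
    if (n > SIZE_MAX - s->len - 1) return -1;
    size_t need = s->len + n + 1;
    if (need > s->cap) {
        size_t cap = s->cap ? s->cap : 16;
        while (cap < need)
            cap = (cap > SIZE_MAX / 2) ? need : cap * 2;
        char *p = realloc(s->data, cap);
        if (p == NULL) return -1;
        s->data = p; s->cap = cap;
    }
    memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';
    return 0;
}

int main(void)
{
    const char *req = "GET /a/very/long/path"; /* constructed sample input */
    char buf[8];
    struct dynstr s = {0};
    int rc = dynstr_append(&s, req, strlen(req));
    printf("fixed: %d\n", copy_checked(buf, sizeof buf, req));
    printf("grown: %d (%zu bytes)\n", rc, s.len);
    free(s.data);
    return 0;
}
```

The cost of the check in `copy_checked` is one bounded scan of the input, which is the overhead the bounds-checking remark above refers to.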