[7319] in bugtraq
Re: EMERGENCY: new remote root exploit in UW imapd
daemon@ATHENA.MIT.EDU (Kragen)
Mon Jul 20 22:49:30 1998
Date: Fri, 17 Jul 1998 10:14:47 -0400
Reply-To: Kragen <kragen@POBOX.COM>
From: Kragen <kragen@POBOX.COM>
X-To: Craig Spannring <cts@INTERNETCDS.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199807170035.RAA05041@bangkok.office.cdsnet.net>
On Thu, 16 Jul 1998, Craig Spannring wrote:
> Anonymous writes:
> > In some ways, it is depressing to find this new hole. Programmers are
> > still making the same mistakes they have made for years. Doesn't anyone
> > learn from the past? Can strcpy() ever be used safely? Perhaps the
> > software development community, and certainly those writing network service
> > daemons that run as root, should discontinue using *any* C library
>
> C should not be used for trusted programs. The lack of true arrays
> with array bounds checking alone makes it too hazardous.
Many of the people on this list already know this, but there are
experimental bounds-checking extensions to gcc that do exactly what
you're looking for:
The first work I know of on bounds-checking for gcc was done by Richard
W. M. Jones and Paul Kelly, and is at
http://www.doc.ic.ac.uk/~phjk/BoundsChecking.html
Greg McGary <gkm@eng.ascend.com> did some other work. Announcement:
http://www.cygnus.com/ml/egcs/1998-May/0073.html
Richard Jones and Herman ten Brugge did other work. Announcement:
http://www.cygnus.com/ml/egcs/1998-May/0557.html
Greg compares different approaches in
http://www.cygnus.com/ml/egcs/1998-May/0559.html
Kragen
