Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability

• To: www-security@ns2.rutgers.edu
• Subject: Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• From: "Gintaras Richard Gircys (GG148)" <rich@oester.com>
• Date: Thu, 16 Feb 1995 16:41:33 -0800
• In-reply-to: Message from Wed, 15 Feb 1995 20:27:12 +0900. <95Feb15.202725+0900_met.63660-2+15@dxal18.cern.ch>
• Reply-To: www-security@ns2.rutgers.edu

> This is yet another UNIX screw up. A real O/S simply does not allow 
> a process to write to its stack. And a real language would have automatic
> resource allocation for strings. 
> 
> 	Phill

And what do you suggest for a real OS? A real language? And how does a process
efficiently pass variables to functions if it can't write to it's stack.
A special dedicated stack - I don't see where this is a UNIX screw up.

Similar problems are possible on non UNIX systems; seems to me general
cure for something like this is bounds checking, which always ends up
being turned off cause of performance issues.

I've seen you bash UNIX any number of times before; I am really open
to a better way and want to hear your suggestions. But with respect to this
problem, UNIX has no monopoly, and to date is the best solution I have
for my needs unitl I am enlightened.

rich

• Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• From: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>

• Previous: Re: CERN 3.0 Authentication setup
• Next: Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• Index(es):
  • Index
  • Thread