Installing a compiler by default
Cefiar
cef at optus.net
Wed Jun 14 11:47:55 BST 2006
On Wednesday 14 June 2006 18:42, Chanchao wrote:
> In order for a compiler, or anything else, to be modifying kernels or
> libraries, it would have to be run as root... If something runs as
> root, it doesn't need gcc to turn your computer purple, have it grow
> fur, moan and blow bubbles.
What about Buffer Overflows (particularly things like stack smashing)?
And if you think that buffer overflows are a thing of the past, think again.
In a recent patch for the Linux kernel (v2.6.16.17), there is a patch to fix
a buffer overflow.
From the changelog:
[PATCH] SCTP: Validate the parameter length in HB-ACK chunk
(CVE-2006-1857)
If SCTP receives a badly formatted HB-ACK chunk, it is possible
that we may access invalid memory and potentially have a buffer
overflow. We should really make sure that the chunk format is
what we expect, before attempting to touch the data.
Admittedly, this one is remotely exploitable, but it shows that these things
STILL happen.
> Include gcc in Edgie. It's already there on the CD.
I already agree on that point.
--
Stuart Young - aka Cefiar - cef at optus.net
More information about the sounder
mailing list