Installing a compiler by default

Cefiar cef at
Wed Jun 14 11:47:55 BST 2006

On Wednesday 14 June 2006 18:42, Chanchao wrote:
> In order for a compiler, or anything else, to be modifying kernels or
> libraries, it would have to be run as root...  If something runs as
> root, it doesn't need gcc to turn your computer purple, have it grow
> fur, moan and blow bubbles.

What about Buffer Overflows (particularly things like stack smashing)?

And if you think that buffer overflows are a thing of the past, think again. 
In a recent patch for the Linux kernel (v2.6.16.17), there is a patch to fix 
a buffer overflow.

From the changelog:
    [PATCH] SCTP: Validate the parameter length in HB-ACK chunk 
    If SCTP receives a badly formatted HB-ACK chunk, it is possible
    that we may access invalid memory and potentially have a buffer
    overflow.  We should really make sure that the chunk format is
    what we expect, before attempting to touch the data.

Admittedly, this one is remotely exploitable, but it shows that these things 
STILL happen.

> Include gcc in Edgie. It's already there on the CD.

I already agree on that point.

 Stuart Young - aka Cefiar - cef at

More information about the sounder mailing list