Glenn wrote:
> Sure, you can "overflow" any web browser.
>
> But that's not a virus or a worm.
>
> AFAIK,
> Causing an "overflow" can't damage anything on the
> recipient's computer system.
Hmm... perhaps I should take you up on the challenge you mentioned in another post
just to get a free meal ;-)
An overflow is disastrous from a security point of view. The first Internet worm for
instance used an overflow bug, that was known, in sendmail.
It wouldn't be too difficult for me (who has the source code to Arachne) to see the
length of a buffer (any buffer) and trick you somehow to overflow it. For instance
(not from the code of course):
#include <string.h>

void someFunction(char *inBuf)
{
    char buf[64];
    strcpy(buf, inBuf);  /* no length check: overruns buf if inBuf is 64 chars or more */
}
Now if the buffer is overrun the code following buf in memory will be run instead of
what the programmer planned. Of course using strncpy(buf, inBuf, 64); instead will
make it safe (and so has Michael done - but I'm not 100% certain it's everywhere). And
even if Arachne would be safe against this, what says that the packetdriver (you are
using LSPPP AFAIK) is written in this way? Or WatTCP? or Lopif? So there are possible
security holes, I'm not saying that they are there, but they could be.
Besides, taking your bet is really useless, I can just as easily bet that no one will
get into my sister's Windows 95 machine that lacks a firewall. Why? Well, I'll just
leave it unconnected to the Internet ;-)
> And it most certainly can't be spread around the web and email system
> without the person who received it intentionally re-sending it.
How so? As long as the buffer doesn't overrun WatTCP and the packetdriver (unless by a
very small fraction) it can send itself away just as easily as you send mail yourself
- and you wouldn't notice.
//Bernie
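
Added example (not part of the post above, and not Arachne code): the 64-byte buffer case from the message, showing that strncpy(buf, inBuf, 64) stays inside buf but leaves it without a terminating '\0' once the input reaches 64 characters, next to a copy that rejects oversize input. The names strncpy_terminates and bounded_copy and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 64  /* same size as buf in the snippet from the post */

/* The strncpy(buf, inBuf, 64) form: it never writes past buf, but when
 * inBuf holds 64 or more characters no '\0' is stored, so a later
 * strlen/printf on buf would read beyond it.
 * Returns 1 if buf ends up NUL-terminated, 0 if it does not. */
int strncpy_terminates(const char *inBuf)
{
    char buf[BUF_LEN];
    strncpy(buf, inBuf, BUF_LEN);
    return memchr(buf, '\0', BUF_LEN) != NULL;
}

/* Hypothetical hardened helper: refuses input that does not fit instead
 * of truncating silently, and always leaves dst terminated.
 * Returns 0 on success, -1 if src is too long or dstLen is 0. */
int bounded_copy(char *dst, size_t dstLen, const char *src)
{
    size_t n;
    if (dstLen == 0)
        return -1;
    for (n = 0; n < dstLen && src[n] != '\0'; n++)
        ;                       /* length of src, capped at dstLen */
    if (n == dstLen) {          /* no room left for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);    /* n characters plus the '\0' */
    return 0;
}

int main(void)
{
    char longInput[101];        /* constructed sample: 100 'A' characters */
    char buf[BUF_LEN];
    memset(longInput, 'A', 100);
    longInput[100] = '\0';
    printf("strncpy, short input terminated: %d\n", strncpy_terminates("hello"));
    printf("strncpy, long input terminated:  %d\n", strncpy_terminates(longInput));
    printf("bounded_copy, long input result: %d\n",
           bounded_copy(buf, sizeof buf, longInput));
    return 0;
}
```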