In article <[email protected]>, Matthew Hunt <[email protected]> wrote: > > I think the point is that when root is running tcpdump on host A, a bad > guy on host B can create a packet which makes tcpdump on A execute his > code (as root, since that's who's running it). This is not desirable.
I would say it is not _acceptable_. The code shouldn't go into our source tree until the known buffer overflow problems have been fixed. It's just stupid to add buffer overflow problems to a program that is always run as root. John -- John Polstra [email protected] John D. Polstra & Co., Inc. Seattle, Washington USA "Self-interest is the aphrodisiac of belief." -- James V. DeLong To Unsubscribe: send mail to [email protected] with "unsubscribe freebsd-hackers" in the body of the message
