on 16/7/02 11:20, Eagle at [EMAIL PROTECTED] wrote: > As you rightly point out, an overflow exploit for one system won't > necessarily work on another, but an overflowable buffer in a version of > Apache will still be overflowable on ANY system running that version of > Apache. It would just likely require a different exploit to gain > unauthorized access.
But, wouldn't the exploit still be limited by the permissions Apache has to run on a system -- if it is not running as root (or does it?) [in OS X], it shouldn't have access to root functions & thus should be limited to wreaking havoc with the user space in which it is running. Is this remotely correct? Eric. -- G-List is sponsored by <http://lowendmac.com/> and... Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- We have Apple Refurbished Monitors in stock! | & CDRWs on Sale! | Support Low End Mac <http://lowendmac.com/lists/support.html> G-List list info: <http://lowendmac.com/lists/g-list.shtml> Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-list%40mail.maclaunch.com/> Using a Macintosh? Get free email and more at Applelinks! <http://www.applelinks.com>
