and this is one of the things a physical or software firewall can help to block, simply by not forwarding excess data into a buffer that can't handle it. another good reason to use a firewall, no matter how secure you "think" your software is. even NetBSD, which is incredibly vigorously reviewed, has been found to have security leaks from time to time, and very little if any commercial software is as carefully checked and rechecked by multiple people, suggesting that any commercial package will have huge security holes, often ones that are easy for an outsider to discover, or "features" which are nothing less than an invitation to cracking.

Eagle wrote:
-------------
> Input buffers are allotted a certain amount of space; this is not
> usually infinite. :) Ever notice in your web server logs, from the Code
> Red era, that the GET requests were REALLY REALLY long, and that they
> contained a bunch of characters that made no sense to you? That was a
> buffer overflow exploit, and it worked by putting code onto the computer
> (via the HTTP GET request) -- code which ran past the end of the input
> buffer and was then executed by the computer. That's basically how a
> buffer overflow works.
>
> As you rightly point out, an overflow exploit for one system won't
> necessarily work on another, but an overflowable buffer in a version of
> Apache will still be overflowable on ANY system running that version of
> Apache. It would just likely require a different exploit to gain
> unauthorized access.
-------------------

--
Philip Stortz, mad scientist at large.
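
A detection sketch for the log pattern described in the quoted message (very long GET requests padded with characters that make no sense), added here as an example and not part of the original thread. The thresholds, function names and sample log lines are assumptions constructed for illustration.

```python
import re

# Assumed limits (not from the thread): tune to the longest legitimate URL you serve.
MAX_REQUEST_LINE = 2048   # bytes allowed in "METHOD path HTTP/x.y"
MAX_REPEAT_RUN = 64       # longest tolerated run of one repeated character

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
REPEAT = re.compile(r'(.)\1{%d,}' % (MAX_REPEAT_RUN - 1))

def classify(request):
    """Return the reasons a request line looks like overflow padding (empty if none)."""
    reasons = []
    if len(request) > MAX_REQUEST_LINE:
        reasons.append("length %d exceeds %d" % (len(request), MAX_REQUEST_LINE))
    if REPEAT.search(request):
        reasons.append("run of %d+ identical characters" % MAX_REPEAT_RUN)
    if any(ord(c) < 0x20 or ord(c) > 0x7e for c in request):
        reasons.append("non-printable bytes in request line")
    return reasons

def scan(lines):
    """Return (line_number, client, reasons) for every suspicious or unparseable line."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = CLF.match(line.rstrip("\n"))
        if not m:
            # A line the parser cannot read is itself worth a look.
            findings.append((n, None, ["unparseable log line"]))
            continue
        reasons = classify(m.group(3))
        if reasons:
            findings.append((n, m.group(1), reasons))
    return findings

# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [19/Jul/2001:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [19/Jul/2001:10:00:05 +0000] "GET /page?' + "N" * 300
    + ' HTTP/1.0" 404 205',
    '203.0.113.5 - - [19/Jul/2001:10:00:09 +0000] "GET /search?q=' + "ab" * 1500
    + ' HTTP/1.0" 414 0',
]

if __name__ == "__main__":
    for lineno, client, reasons in scan(SAMPLE):
        print(lineno, client, "; ".join(reasons))
```

The same length ceiling, enforced at a filtering proxy or in the server's own request-size limits, is what keeps an oversized request from ever reaching the vulnerable buffer.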
