Rick Funderburg wrote:
On Jun 7, 2006, at 18:25 , Tracy R Reed wrote:
Does qmail or any other "bug free codes" written by arrogant
programmers implement a binary search or merge sort? Any programs
somehow use a sort in some way that might affect security? I wonder
if any fun can be had with this... Of course you need to introduce a
billion elements to be sorted so it might be a bit hard to exploit
but you never know!
I can't say that I am often allocating 4 gigabytes of memory for a
single variable, but I certainly wish I had enough memory to make it a
non-event.
Actually, these kind of issues have been cropping up a fair bit in the
C/C++ world. They've been cleaning out bugs like this from the GNU C
core libraries for a number of years now. It's kind of disappointing
that Java's core libraries have bugs like this in them, and more
importantly that they are a "new" thing to the folks who wrote them.
--Chris
P.S.: Now that we've got 64-bit computing, 4GB is an increasingly
realistic address space for a process. For example, on the project I'm
working with at Yahoo, we're running 32-bit apps on a 64-bit kernel, and
we end up tweaking kernel parameters to get as close to using the entire
4GB address space as possible.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-lpsg
