On Sunday 04 November 2007 01:39:50 Aniruddha wrote: > On Sun, 2007-11-04 at 01:23 +0100, Anders Johansson wrote: > > And about your thread on packman, I hope you know that a "malicious > > change" can be as simple as changing a buffer size check from 10 to 11, > > or changing fgets to gets. No rootkit detector in the world will find > > that, but after such a change, a malicious user can walk right in > > > > Anders > > Interesting point. I didn't know that. This change would create a buffer > overflow attack right?
Yes it would. And there are millions of variations, more or less subtle, that no one would notice unless they were specifically looking for it. http://kerneltrap.org/node/1584 is one of the better known examples. Something like that would be completely impossible to find programmatically Anders -- Madness takes its toll -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
