On 4/03/22 00:39, Eliezer Croitoru wrote:
I'm still trying to understand why it's described as "exploitable" ??? It's like saying: The Linux Kernel should not be a kernel and init(or equivalent) should not run with uid 0 or 1. Why nobody complains about cockpit being a root process??
This explains the _type_ of problem <https://secureteam.co.uk/articles/how-return-oriented-programming-exploits-work/>.
Most Squid are automatically protected against it by at least one of OS or compiler systems. But some can still be vulnerable, as shown by Jerkio.
Amos _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
