develooper Front page | perl.perl5.porters | Postings from December 1999

Re: getspnam-support

Thread Previous | Thread Next
Matthias Urlichs
December 3, 1999 21:38
Re: getspnam-support
Message ID:

Tom Christiansen:
> If you can attack the memory of a setuid program, then all bets
> are off, and nothing else matters.
There's a small difference between being able to look at the memory contents
(or crash dump) of a root program, and actually being able to make it do
system calls which weren't in the original blueprints.

The former kind of attack is useless against a program which doesn't _have_
any security-critical information in its memory, for the very simple
reason that it doesn't need it in the first place.

If I had no problem with having sensitive information in programs which
have no business reading it, I'd not need a shadow password file.

Matthias Urlichs  |  noris network GmbH   |  |  ICQ: 20193661
The quote was selected randomly. Really.    |
There never is [profit] in revenge. Let the dead rest, and the past
  remain the past.
                -- Picard, "The Battle", stardate 41723.9

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About