Re: getspnam-support

Hi,

Tom Christiansen:
> If you can attack the memory of a setuid program, then all bets
> are off, and nothing else matters.
> 
There's a small difference between being able to look at the memory contents
(or crash dump) of a root program, and actually being able to make it do
system calls which weren't in the original blueprints.

The former kind of attack is useless against a program which doesn't _have_
any security-critical information in its memory, for the very simple
reason that it doesn't need it in the first place.


If I had no problem with having sensitive information in programs which
have no business reading it, I'd not need a shadow password file.

-- 
Matthias Urlichs  |  noris network GmbH   |   smurf@noris.de  |  ICQ: 20193661
The quote was selected randomly. Really.    |      http://www.noris.de/~smurf/
-- 
There never is [profit] in revenge. Let the dead rest, and the past
  remain the past.
                -- Picard, "The Battle", stardate 41723.9

• getspnam-support by Jochen Wiedmann
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by Tom Phoenix
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by John Macdonald
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Matthias Urlichs
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Matthias Urlichs
• Re: getspnam-support by Tom Christiansen
• Re: getspnam-support by Dan Sugalski
• Re: getspnam-support by Matthias Urlichs
• Re: getspnam-support by Dan Sugalski
• Re: getspnam-support by Jochen Wiedmann
• Re: getspnam-support by Gurusamy Sarathy
• Re: getspnam-support by Jochen Wiedmann