|
On Thu, 2004-11-04 at 07:26, CWilt@xxxxxxxxxxxx wrote: > > -----Original Message----- > > From: Rich Duzenbury [mailto:rduz-midrange@xxxxxxxxxxxxxxxxxxx] > > Sent: Wednesday, November 03, 2004 8:54 PM > > To: Midrange Systems Technical Discussion > > Subject: Re: iSeries buffer overflow immunity? > > > > > > > > Hmm. I'd like to explore this point a bit further. 'variables ... > > wrong' Or set to values of my will and pleasure? Imagine I have a > > service where an unprotected buffer is immediately (or even just > > somewhat closely) followed in storage by a 'privileged user' flag. > > Overflow the buffer and set the privileged user flag! If > > done properly, > > attacker has some type of unauthorized access to the system. No, > > probably not a command line, but perhaps enough to get into the admin > > area of your application. > > > > Nope, can't happen like that. Perhaps someone else can provide the > technical details off the top of their head. > I haven't convinced myself of that yet. I'm very busy today, but I'm going to try to write a test case perhaps over the weekend. -- Regards, Rich Current Conditions in Des Moines, IA Scattered Clouds Temp 50F Winds out of the North at 18, gusting to 24mph
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
