Re: Non-Executable Stack Patch

Alan Cox (alan@lxorguk.ukuu.org.uk)
Thu, 5 Jun 1997 08:49:25 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Geert Uytterhoeven: "Re: tty->count off in pre-2.0.31-1"
Previous message: Matti Aarnio: "Re: Ext2fs and hashed table."

> > The biggest problem we have left securitywise is probably /tmp file anyway
> > especially from GNU tools
> In that the GNU tools use /tmp more than vendor "x" tools, or that GNU
> tools are more aware (and hense avoid) stack overflow problems (not that
> either is more or less secure ;) ?

The GNU coding standard (which most GNU tools follow fairly well) is very
explicit about handling arbitary length data and having no limits. As a result
they tend to alloca() the right amounts on the whole rather than use buffers.

A lot of stuff uses /tmp without due care and attention.

Next message: Geert Uytterhoeven: "Re: tty->count off in pre-2.0.31-1"
Previous message: Matti Aarnio: "Re: Ext2fs and hashed table."