Re: Non-Executable Stack Patch

Alan Cox (alan@lxorguk.ukuu.org.uk)
Thu, 5 Jun 1997 08:49:25 +0100 (BST)


> > The biggest problem we have left securitywise is probably /tmp file anyway
> > especially from GNU tools
> In that the GNU tools use /tmp more than vendor "x" tools, or that GNU
> tools are more aware (and hence avoid) stack overflow problems (not that
> either is more or less secure ;) ?

The GNU coding standard (which most GNU tools follow fairly well) is very
explicit about handling arbitrary length data and having no limits. As a result
they tend to alloca() the right amounts on the whole rather than use buffers.

A lot of stuff uses /tmp without due care and attention.