From mboxrd@z Thu Jan  1 00:00:00 1970
From: Lucio De Re <lucio@proxima.alt.za>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] useful language extension, or no?
Message-ID: <20020718165525.R14964@cackle.proxima.alt.za>
References: <Pine.LNX.4.30.0207170803450.16167-100000@athena>, <20020718121930.K14964@cackle.proxima.alt.za> <3D36CB17.D4FEC4C0@null.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <3D36CB17.D4FEC4C0@null.net>; from Douglas A. Gwyn on Thu, Jul 18, 2002 at 02:21:07PM +0000
Date: Thu, 18 Jul 2002 16:55:26 +0200
Topicbox-Message-UUID: d0a369fe-eaca-11e9-9e20-41e7f4b1d025

On Thu, Jul 18, 2002 at 02:21:07PM +0000, Douglas A. Gwyn wrote:
> 
> Anyway, buffer overruns would be a security problem anyway, even
> if one could not add code, because state variables can be changed
> in unplanned ways.  One of the early such exploits merely set the
> "password was valid" flag.

A valid point (it's sendmail you seem to be referring to).  I've often
given only superficial attention to these issues and I'm pleased to
pick up a little more understanding about them (and, yes, I do label
myself a "security consultant" :-)

++L