17 Dec 2003, 11:17 p.m.
| Buffer overflow seems like a much greater concern when dealing
| with a server. Particularly one which is supposedly "secure", and
| accessing "secured" documents. Even with the server running as
| 'nobody' if someone can implement buffer overflow to get access to
| documents they shouldn't then that would count as a pretty significant
| hack.

Don't forget system(), which was a major source of holes in the NCSA server. Also, CGI scripts, especially those that run under perl or sh, would be a good place to look for holes. Don't forget to see what happens when you put semi-colons in the data field of various fields, such as mailto:'s.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
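Added example, not part of the original message and not code from the NCSA server: a constructed CGI-style mail handler showing why a semicolon in a form field matters when the value reaches system(), next to a version that validates the field and calls execv() with no shell. The mailer path, function names and sample input are assumptions made for illustration.

```c
/* Added example (constructed): a CGI-style mail handler, not NCSA httpd code.
 * MAILER is a hypothetical path chosen for illustration. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define MAILER "/usr/bin/mail"

/* BEFORE: form data pasted into a command line for system(). /bin/sh parses
 * the whole string, so a ';' in addr ends the mail command and begins another.
 * This only builds the string; it is never executed here. */
int build_shell_cmd(char *out, size_t n, const char *addr) {
    return snprintf(out, n, MAILER " -s feedback %s", addr);
}

/* Allow-list: characters expected in an address only, and no leading '-'
 * so the value cannot be read as an option by the mailer. */
int addr_is_safe(const char *addr) {
    size_t len = strlen(addr);
    if (len == 0 || len > 254 || addr[0] == '-') return 0;
    for (const char *p = addr; *p; p++)
        if (!isalnum((unsigned char)*p) && !strchr("@._+-", *p)) return 0;
    return strchr(addr, '@') != NULL;
}

/* AFTER: no shell. The address is a single argv element handed to execv(),
 * so metacharacters are data. Returns exit status, or -1 if rejected/failed. */
int run_without_shell(const char *prog, const char *addr) {
    if (!addr_is_safe(addr)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = { (char *)prog, "-s", "feedback", (char *)addr, NULL };
        execv(prog, argv);
        _exit(127);               /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    const char *field = "a@example.org; echo second-command"; /* constructed */
    char cmd[256];
    build_shell_cmd(cmd, sizeof cmd, field);
    printf("system() would hand sh: %s\n", cmd);
    printf("addr_is_safe: %d\n", addr_is_safe(field));
    return 0;
}
```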