NYT on Netscape Crack

Ray Cromwell rjc at clark.net
Tue Sep 19 21:05:58 PDT 1995


> > 
> >   Sigh.  For your information the security code for 1.x versions of
> > netscape was not even written by someone from NCSA.
> 
> If there is ANY place in the code that I can do a data driven buffer
> overflow, I can force you to execute code that I supply. I don't give
> a damn if it's in the "security" code. It makes no difference where it
> is. If there is a chink, thats it -- you're meat.

  How would you do this if the buffer overflow happened in a buffer
which was allocated in a separate protected heap apart from stack
and executable data?

-Ray





More information about the cypherpunks-legacy mailing list