OK, I hate to flog a dead horse but really: This exploit, like others against Unix machines many years ago, was based on a buffer overflow dumping the user into supervisor space. This, in turn, is a direct result of the fact that the C programming language does not check or enforce limits on a string length or buffer size - that's left up to the individual programmer. Surely, given the importance of security, it should be possible to fix the C language (or my preference, use a different one) to do systems programming. After all, C is not so much a systems programming language as a high-level version of assembly language. Years ago, Philipe Khan of Borland said that 'C is a disease and the Americans are spreading it.' Maybe he had this kind of thing in mind. Peter (Incidentally, a former profs at Ryerson, Heather Hinton, was working on such a mechanism to prevent stack overflows. I guess it's never been widely adopted.) On Wed, Dec 03, 2003 at 10:22:01PM -0500, Tom Legrady wrote:

When the thread gets around to Hitler, the horse is not only dead, but already boiled down for glue.

Next topic, please.

Tom

...

On Wed, Dec 03, 2003 at 05:11:38PM -0500, JoeHill wrote:

...

So, to end the thread, placing limits on the free exchange of any information, whether it is for some limited time or perceived good, is the kind of slippery slope that leads to a regime **Hitler** would have loved ;-)

-- The Toronto Linux Users Group. Meetings: http://tlug.ss.org TLUG requests: Linux topics, No HTML, wrap text below 80 columns How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml

-- Peter D. Hiscocks Department of Electrical and Computer Engineering Ryerson University, 350 Victoria Street, Toronto, Ontario, M5B 2K3, Canada Phone: (416) 979-5000 Ext 6109 Fax: (416) 979-5280 Email: phiscock-g851W1bGYuGnS0EtXVNi6w at public.gmane.org URL: http://www.ee.ryerson.ca/~phiscock -- The Toronto Linux Users Group. Meetings: http://tlug.ss.org TLUG requests: Linux topics, No HTML, wrap text below 80 columns How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml