Re: [SLE] spyware
From: q=96rn_Hansen?= (orn.hansen_at_swipnet.se)
Date: 10/04/04
- Previous message: Steve Kratz: "RE: [SLE] Welcome back, Anders!"
- In reply to: Anders Johansson: "Re: [SLE] spyware"
- Next in thread: Anders Johansson: "Re: [SLE] spyware"
- Reply: Anders Johansson: "Re: [SLE] spyware"
- Reply: Steve Kratz: "RE: [SLE] spyware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: suse-linux-e@suse.com Date: Mon, 4 Oct 2004 17:20:31 +0200
måndag 04 oktober 2004 14:25 skrev Anders Johansson:
>
> I'm not sure what you're saying here. It sounds like "it's more difficult
> in windows, but it's more difficult in open source"
>
What I'm saying is, very simple ... it's the question of "gun control". An
old debate, on who is responsible. Well, in the gun control there's a saying
that it's the man holding the gun, that is responsible for the damage made by
the gun. Not the gun, by itself. However, some people wish to extend this
to mean ... that if it isn't ME that actually pulls the trigger, than I am in
the clear. Not true ... if I give a gun, to a person with significantly low
intellect and then show him how to use it, and urge him to ... than I am, in
fact, responsible for the damage made.
To put this in the script kiddie case, the script kiddie is someone who
doesn't have the knowledge of how to use it ... he gets the code, the info
and the knowledge, and then he pulls the trigger. And I'm saying, you can't
blame the script kiddie for his low intellect ... you can blame the employee
that made the information available to him, for criminal neglegance.
>
> It's a little more complicated than that. Google around for "heap
> overflow".
>
Actually, it's JUST as simple as that. Unless you are trying to tell me
that there's a problem with how the memory controlling routines are
implemented in linux. In which case, it's a serious ... yes, serious flaw in
the linux kernel. And I'm well aware of some of the drawbacks on how i386
CPU's handle segments, but those drawbacks should have vanished a long long
time ago, as far as I know as the segment should be handled by a true memory
controller of all post pentium CPU's (again, as far as I know). The data
allocated by a program, and the program code itself ... should not be within
the same segment.
Ok, let's say you got a program that needs 40 Megabytes of consequtive
memory. But the system is heavily loaded, and there is no 40 Megabytes of
consequtive memory blocks. To my knowledge, modern theory of operation says
that you can have several segments and when a program writes beyond one
segment, the kernel should receive an interrupt, giving it the opportunity of
changing the segment of the next consequtive block. Meaning, simply, that
you see the memory as consequtive, but it isn't in reality, this is also
known as Virtual Memory. Thus, there should never exist the possibility that
you could write beyond the segment you have allocated and certainly never
into program occupied memory... unless there's a serious flaw in the handling
of the heap, in which case, you need to have extensive knowledge of that case
to be able to utilize it ... irrespective of who you get to pull the trigger.
- application/pgp-signature attachment: stored
- Previous message: Steve Kratz: "RE: [SLE] Welcome back, Anders!"
- In reply to: Anders Johansson: "Re: [SLE] spyware"
- Next in thread: Anders Johansson: "Re: [SLE] spyware"
- Reply: Anders Johansson: "Re: [SLE] spyware"
- Reply: Steve Kratz: "RE: [SLE] spyware"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
