> I agree, being a purist myself, but often the obscure overflows let the > app continue apparently unharmed. When it's a core tool like /bin/sh > that can occasionally be desirable. well when a buffer overflow happens basically 3 things can happen 1) the overflow is limited to the padding space between variables on the stack 2) the overflow also overwrites other variables on the stack 3) the overflow gets as far as overwriting the return address on the stack 3) is the most common exploit vector. 2) sometimes can be exploited too, but that is rare. HOWEVER 2) is also a case that leads to crashes or data corruption. 1) is harmless of course. Now... even when you don't hit a security exploit... do you *really* want the risk of data corruption ???
Description: This is a digitally signed message part