On Sunday 04 November 2007 01:39:50 Aniruddha wrote:
On Sun, 2007-11-04 at 01:23 +0100, Anders Johansson wrote:
And about your thread on packman, I hope you know that a "malicious change" can be as simple as changing a buffer size check from 10 to 11, or changing fgets to gets. No rootkit detector in the world will find that, but after such a change, a malicious user can walk right in
Interesting point. I didn't know that. This change would create a buffer overflow attack right?
Yes it would. And there are millions of variations, more or less subtle, that no one would notice unless they were specifically looking for it. http://kerneltrap.org/node/1584 is one of the better known examples. Something like that would be completely impossible to find programmatically Anders -- Madness takes its toll -- To unsubscribe, e-mail: email@example.com For additional commands, e-mail: firstname.lastname@example.org