From xemacs-m  Tue Feb 18 10:48:02 1997
Received: from altair.xemacs.org (steve@xemacs.miranova.com [206.190.83.19])
	by xemacs.org (8.8.5/8.8.5) with ESMTP id KAA28602
	for <xemacs-beta@xemacs.org>; Tue, 18 Feb 1997 10:48:01 -0600 (CST)
Received: (from steve@localhost)
	by altair.xemacs.org (8.8.5/8.8.5) id IAA07123;
	Tue, 18 Feb 1997 08:59:22 -0800
Mail-Copies-To: never
To: xemacs-beta@xemacs.org
Subject: Re: Safe elisp functions?
References: <199702172311.PAA23394@newman> 	<m2zpx356pc.fsf@altair.xemacs.org> 	<199702172345.PAA23641@newman> 	<m2wws755ux.fsf@altair.xemacs.org> 	<kigenefx7ux.fsf@jagor.srce.hr> <199702181502.HAA25410@newman>
X-Url: http://www.miranova.com/%7Esteve/
X-Attribution: sb
From: Steven L Baur <steve@miranova.com>
In-Reply-To: "William M. Perry"'s message of Tue, 18 Feb 1997 07:02:39 -0800
Mime-Version: 1.0 (generated by tm-edit 7.105)
Content-Type: text/plain; charset=US-ASCII
Date: 18 Feb 1997 08:59:22 -0800
Message-ID: <m2zpx2gidx.fsf@altair.xemacs.org>
Lines: 42
X-Mailer: Gnus v5.4.13/XEmacs 20.1

William M Perry writes:

> Hrvoje Niksic writes:
>> Steven L Baur <steve@miranova.com> writes:
>> 
>>> I'm a network administrator, so I have a higher level of paranoia than
>>> a lot of people.  At the moment your message arrived I was on the
>>> phone with a client whose system was overrun by a hacker this past
>> 
>> You must mean a cracker!

>  heh.

I mistyped.

>> I don't understand what's the point of these stack-overrunning stories.
>> The worst that can happen is that XEmacs crashes (like Netscape crashes on
>> Java).  So what?

>   Well, imagine constructing some completely psychotic string and doing a
> regexp match on it if you knew the details of the XEmacs regexp matcher
> bounds lossage.  You could theoretically smash the stack, and execute
> arbitrary machine code.  Same as any other array-bounds-checking bug.  Ala
> the FreeBSD alert a few days ago.

See
	http://www.miranova.com/~steve/StackSmashing.txt

>> I hope you don't intend to run XEmacs setuid root, which would make your
>> fears legitimate.

> Well, you might legitimately want to run XEmacs _as_ root if you happen
> to be logged in doing system maintenance.

It's either that or the Roman Numeral editor.

My apologies if I appeared to come down hard on William.  I have the
highest respect for William's programming ability and what he's been
able to do with W3.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.

