1995-09-20 - Re: NYT on Netscape Crack

Header Data

From: Ray Cromwell <rjc@clark.net>
To: perry@piermont.com
Message Hash: f3fe87483e8b788a69f48642fae4272c60e075192a35944f997e879286517243
Message ID: <199509200403.AAA14189@clark.net>
Reply To: <199509200324.XAA03268@frankenstein.piermont.com>
UTC Datetime: 1995-09-20 04:05:58 UTC
Raw Date: Tue, 19 Sep 95 21:05:58 PDT

Raw message

From: Ray Cromwell <rjc@clark.net>
Date: Tue, 19 Sep 95 21:05:58 PDT
To: perry@piermont.com
Subject: Re: NYT on Netscape Crack
In-Reply-To: <199509200324.XAA03268@frankenstein.piermont.com>
Message-ID: <199509200403.AAA14189@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


> > 
> >   Sigh.  For your information the security code for 1.x versions of
> > Netscape was not even written by someone from NCSA.
> 
> If there is ANY place in the code that I can do a data driven buffer
> overflow, I can force you to execute code that I supply. I don't give
> a damn if it's in the "security" code. It makes no difference where it
> is. If there is a chink, that's it -- you're meat.

  How would you do this if the buffer overflow happened in a buffer
which was allocated in a separate protected heap apart from stack
and executable data?

-Ray



