September 17th, 2003

Egoboo for today

One of the best bits of egoboo I've had recently is the conversation with James Clark about XML parsing in Emacs. For those of you not "in the know", James Clark is the author of the canonical XML parser: expat. Virtually everyone who has worked with XML has used this parser at one time or another. So you could say that he knows a thing or two about the technology.

SSH vulnerability

Yesterday, news of an ssh vulnerability hit Slashdot.org.

Still can't find any information on or first-hand accounts of an exploit. Note that this is not a "buffer overflow". Instead it is a problem with the "general buffer management function".

The difference?

Generally, buffer overflows allow the person exploiting the vulnerability to put arbitrary code on the stack for execution. In this case, the problem is that, when over-writing sensitive data on the heap, the buffer management code writes 0's too far out.

The key here is that the buffer being managed is on the heap. It is my understanding that heap-based exploits are much more difficult than stack-based ones.

Bottom line: you're probably looking at a DoS at the most.

Oh, and "UsePrivilegeSeparation yes" will help minimize the damage of this sort of problem in the future.
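As an added illustration (not from the original post and not OpenSSH's source), here is a simplified C model of how a zero-on-free cleanup can write 0's "too far out": the recorded size is raised before a growth request is rejected, so it no longer matches the real allocation. Every name here (struct buf, grow_weak, grow_fixed, scrub_free, BUF_MAX) and the failure path itself are assumptions made for the demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_MAX 0x1000          /* constructed size limit for the demo */
struct buf {                    /* hypothetical buffer, not OpenSSH's type */
    unsigned char *data;
    size_t alloc;               /* size the bookkeeping believes it owns */
    size_t real;                /* size actually allocated (model only) */
};
/* Weak ordering: the recorded size is bumped before the limit check,
 * so a rejected request leaves alloc larger than the allocation. */
static int grow_weak(struct buf *b, size_t len) {
    b->alloc += len;
    if (b->alloc > BUF_MAX) return -1;
    unsigned char *p = realloc(b->data, b->alloc);
    if (!p) return -1;
    b->data = p; b->real = b->alloc;
    return 0;
}
/* Corrected ordering: validate, allocate, and only then commit the size. */
static int grow_fixed(struct buf *b, size_t len) {
    if (len > BUF_MAX || b->alloc > BUF_MAX - len) return -1;
    size_t newlen = b->alloc + len;
    unsigned char *p = realloc(b->data, newlen);
    if (!p) return -1;
    b->data = p; b->alloc = b->real = newlen;
    return 0;
}
/* Zero-then-free cleanup. Returns how many bytes past the allocation a
 * memset of alloc bytes would have cleared; the memset here is clamped
 * to real so the demo itself never writes out of bounds. */
static size_t scrub_free(struct buf *b) {
    size_t over = b->alloc > b->real ? b->alloc - b->real : 0;
    if (b->data) memset(b->data, 0, b->real);
    free(b->data);
    b->data = NULL; b->alloc = b->real = 0;
    return over;
}
static size_t overrun_after_failed_grow(int (*grow)(struct buf *, size_t)) {
    struct buf b = {0};
    if (grow(&b, 64) != 0) return (size_t)-1;
    (void)grow(&b, BUF_MAX);    /* over the limit: rejected */
    return scrub_free(&b);
}

int main(void) {
    printf("weak:  %zu bytes past the allocation\n", overrun_after_failed_grow(grow_weak));
    printf("fixed: %zu bytes past the allocation\n", overrun_after_failed_grow(grow_fixed));
}
```

The model only counts the bytes an unclamped cleanup would have zeroed; it does not perform the out-of-bounds write.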

Winning

You see this today. Two groups start; one group uses an easy-to-use system, and another uses a not-so-easy-to-use system. The first group gets done first, and the competition is over. The winners move forward and the other guys go home.

A conversation with Jim Gray

I really need to learn this.

By the way, Jim Gray talks about his TerraServer SneakerNet, too:

DP Are you sending them a whole PC?

JG Yes, an Athlon with a Gigabit Ethernet interface, a gigabyte of RAM, and seven 300-GB disks—all for about $3,000.

DP It's your capital cost to implement the Jim Gray version of "Netflicks."

JG Right. We built more than 20 of these boxes we call TeraScale SneakerNet boxes.