well, consider that most of osx is directly taken from bsd, and bsd is becoming a more popular target. also consider that most or all of the security related bugs (and a couple were huge, and "undiscovered" in bsd, at least by anyone who reported them, for over a decade!) were actually found in bsd and also in os x because that's where the code actually came from, as well as the patches in most cases. also consider that os x will have its own bugs, and unix-like systems in general are becoming more popular targets again as they become more common.

also, consider the several email excerpts below from a security list i'm on, it seems that c++ and c, which are again what most of bsd and os x are written in, have some "generic" security problems, and that some are hard to patch. a security hole in an application is bad, one in the os is terrible, one in the programming language used to craft the code is very hard to fix, and they tend to be widely overlooked. buffer/stack overflows are amongst the most commonly known security problems and some of the easiest to exploit, and some of the most "powerful" when they are exploited. also consider that while IE 5.2.3 doesn't have these particular bugs, most of the code is the same on the pc versions as on the mac versions, many of the security holes will also be common, and I.E. has a terrible security record...

> Subject: More Browser on Macosx flaws: nested array sort() loop Stack overflow exception
> Date: Thu, 25 Nov 2004 17:47:40 +0100 (CET)
> From: Marco Mella <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
> CC: [EMAIL PROTECTED]
>
> Same problems on MACOSX 10.3.6 with:
> -Safari 1.2.4
> -Mozilla 1.7
> -Camino 0.7.0
> -Firefox 1.0
> -Opera 6.0.3
>
> Not affected IE 5.2.3
>
> Regards
> --
> Marco Mella
>
>
> ---------
>
> Hi all,
>
> Same flaw works for Firefox as well as MSIE:
>
> <HTML>
> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
> <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
> </HTML>
>
> Added to the list:
> http://www.edup.tudelft.nl/~bjwever/advisory_firefox_flaws.html
> ------------------------
>
> >Anyone know why so many browsers are affected?
>
> I think it would be obvious but add the following browser:
> Netscape 7.1(Gecko/20030624)
>
> ---------------
> Subject: Re: More Browser on Macosx flaws: nested array sort() loop Stack overflow exception
> Date: Thu, 02 Dec 2004 14:46:06 -0500
> From: [EMAIL PROTECTED]
> -------------------
>
> On Fri, 26 Nov 2004 18:56:01 +0200, Alex R said:
> > Anyone know why so many browsers are affected?
>
> Well... let's look at it..
>
> > <SCRIPT> a = new Array(); while (1) { (a = new Array(a)).sort(); } </SCRIPT>
>
> That's the moral equivalent of:
>
> main() { while (1) {malloc(lots);} }
>
> and it's *tricky* to actually trap this one correctly. The problem is
> that when you do the new() that overflows the stack, you can probably
> catch the error - but then you get to try to clean up the mess without
> making any more function calls that grow the stack and/or malloc more.
>
> Now consider that C++ seems to be the popular language for doing browsers -
> and C++ has these things called constructors and destructors.... ;)
>
> (Of course, the *other* possibility is to roll the stack back by hand to some
> reasonable recovery point. This is fun enough in C ('man longjmp' ;), and another
> ugly mess for C++)....
>
--
Why is this man in the White House? The majority of Americans did not vote for him. Why is he there? And I tell you this morning that he's in the White House because God put him there for a time such as this: Lt Gen William Boykin, speaking of G. W. Bush, New York Times, 17 October 2003
=
God gave the savior to the German people. We have faith, deep and unshakeable faith, that he was sent to us by God to save Germany. Hermann Goering, speaking of Hitler
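
The stack-depth problem discussed in the quoted reply, as an added example that is not part of the original message or of any browser's code: a recursive walk over a nested array uses one call frame per level, while a depth check that keeps its work list on the heap can reject hostile nesting before that walk starts. The helper names and `MAX_DEPTH` are hypothetical, and the nested arrays are constructed with a bounded loop.

```javascript
// Added example; helper names and MAX_DEPTH are hypothetical, inputs are constructed.
const MAX_DEPTH = 1000; // assumed policy limit on array nesting

// Bounded version of the quoted loop: wrap an array in a new array `depth` times.
function nest(depth) {
  let a = [];
  for (let i = 0; i < depth; i++) a = [a];
  return a;
}

// Stringify elements the way a default sort() compares them: one call frame
// per nesting level, so the depth of the data decides the depth of the stack.
function recursiveToString(value) {
  if (!Array.isArray(value)) return String(value);
  return value.map(recursiveToString).join(",");
}

// Run the recursive walk and report how it ended.
function tryRecursive(depth) {
  try {
    recursiveToString(nest(depth));
    return "ok";
  } catch (e) {
    return e.name; // "RangeError" when the engine's stack limit is hit
  }
}

// Measure nesting with a heap-allocated work list instead of the call stack
// and stop at `limit`, so hostile depth (or a cycle) is cut off after `limit` levels.
function exceedsDepth(value, limit) {
  let level = [value];
  for (let depth = 0; ; depth++) {
    const arrays = level.filter(Array.isArray);
    if (arrays.length === 0) return false;
    if (depth >= limit) return true;
    level = arrays.flat(); // children of every array on this level
  }
}

// Reject over-deep input before any recursive work starts.
function guardedSort(arr, limit = MAX_DEPTH) {
  if (exceedsDepth(arr, limit)) {
    throw new RangeError("array nesting exceeds " + limit);
  }
  return arr.slice().sort();
}
```
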