-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Jul 29, 2007, at 7:57 AM, Darren Reed wrote:

> Simon 'corecode' Schubert wrote:
> ...
>> But the writer is not supposed to write there in the first place!   
>> But
>> even if this is a bug in the writer (writing after the end of the
>> (mapped) file), it is still writing to a file which can be read by  
>> users
>> with the appropriate permissions.  I don't really see a security  
>> problem
>> there.
>
> If buggy software writes in an area of memory that it shouldn't,
> lets say it puts your password there by accident, then it appears
> another process can get that.
>
if buggy software creates file in /tmp with my password other process  
can get that pass ,too.

> It is a security exposure (but not a serious one) because it is a
> means for data from one application to be "stolen" by another.
>
I doesn't see your point here, it's application problem.
> Darren
>

Regards
- -----------------------------------------
Adam Hamsik
jabber: haad@jabber.org
icq: 249727910

Proud NetBSD user.

We program to have fun.
Even when we program for money, we want to have fun as well.
~ Yukihiro Matsumoto




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFGrG3mlIxPgX3Go0MRAslVAKCmqynxQmSxBN0nsb305Pc/sVj7dACg7r+6
ZXoZ9+/2DShAJNQlxJzewyw=
=193T
-----END PGP SIGNATURE-----