Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <tech-kern@netbsd.org>
From: Ignatios Souvatzis <ignatios@cs.uni-bonn.de>
List: tech-kern
Date: 12/01/2000 11:05:26

On Thu, Nov 30, 2000 at 09:48:30PM -0500, Greg A. Woods wrote:

> No, not good at all, but also not in any way related to any set-ID
> issues (unless of course the mailer is running set-ID, which of course
> is a pretty brain-dead thing to do these days!).  That's just a case of
> sanitizing normal user-provided data before acting upon it --
> i.e. robust programming.

Agreed, every single word that I cited, and most of the words further on
in your message that I didn't cite.

But you claimed before that buffer overflows are no vital problem if they
can't create a root exploit, and I told you that in my world, buffer
overflows are a vital problem even for non-root.

Yes, root exploits are bad... root can do everything evil to a machine,
including reading vital data. But you don't need root to read vital data,
you only need the id that owns them.

Regards,
	Ignatios
