From xemacs-m  Tue Feb 18 09:04:44 1997
Received: from newman (root@newman.aventail.com [38.225.141.10])
	by xemacs.org (8.8.5/8.8.5) with SMTP id JAA27704
	for <xemacs-beta@xemacs.org>; Tue, 18 Feb 1997 09:04:40 -0600 (CST)
Received: from kramer.in.aventail.com.aventail.com (wmperry@kramer [192.168.1.12]) by newman (8.6.12/8.6.9) with SMTP id HAA25410; Tue, 18 Feb 1997 07:02:39 -0800
Date: Tue, 18 Feb 1997 07:02:39 -0800
Message-Id: <199702181502.HAA25410@newman>
From: "William M. Perry" <wmperry@aventail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Hrvoje Niksic <hniksic@srce.hr>
Cc: xemacs-beta@xemacs.org
Subject: Re: Safe elisp functions?
In-Reply-To: <kigenefx7ux.fsf@jagor.srce.hr>
References: <199702172311.PAA23394@newman>
	<m2zpx356pc.fsf@altair.xemacs.org>
	<199702172345.PAA23641@newman>
	<m2wws755ux.fsf@altair.xemacs.org>
	<kigenefx7ux.fsf@jagor.srce.hr>
Errors-to: wmperry@aventail.com
Reply-to: wmperry@aventail.com

Hrvoje Niksic writes:
>Steven L Baur <steve@miranova.com> writes:
>
>> I'm a network administrator, so I have a higher level of paranoia than
>> a lot of people.  At the moment your message arrived I was on the
>> phone with a client whose system was overrun by a hacker this past
>
>You must mean a cracker!

 heh.

>> We have at least one semi-reproducible crash in the GIF C code that
>> is typically exercised by usage of W3.  If you can *guarantee* me that
>> the GIF code can *never* overrun the stack, I'll consider changing my
>> position.  But I want a full security audit done of all functions put
>[...]
>
>I don't understand what's the point of these stack-overrunning stories.
>The worst that can happen is that XEmacs crashes (like netscape crashes on
>Java).  So what?

  Well, imagine constructing some completely psychotic string and doing a
regexp match on it if you knew the details of the XEmacs regexp matcher
bounds lossage.  You could theoretically smash the stack, and execute
arbitrary machine code.  Same as any other array-bounds-checking bug.  Ala
the FreeBSD alert a few days ago.

>I hope you don't intend to run XEmacs setuid root, which would make your
>fears legitimate.

  Well, you might legitimately want to run XEmacs _as_ root if you happen
to be logged in doing system maintenance.

-Bill P.

