Crossfire Archive

Re: CF: server security



On Jan 25,  7:44pm, Preston F. Crow wrote:
> Subject: CF: server security
> I'm concerned about all these buffer overflow crashes in the server.  How many
> of them could be exploited to gain a shell on the server machine?

 Presumably, they hold the same dangers as any buffer overrun problem for other
programs.  Hopefully, you aren't running crossfire as a root or other
privileged user so that if access was so gained, it wouldn't be as major.

 At least one more overflow problem will be fixed in the next version.  Doesn't
mean there are not still others.

 Crossfire however is likely to be harder to exploit such bugs because for the
most part there is not a common binary (my compiling on linux may very well
generate different circumstances due to different compiler version, compile
options, libraries, etc.)  This certainly makes it harder for a would-be hacker
to gain access compared to something that is using the same binary for hundreds
or thousands of machines.


-- 

-- Mark Wedel
mark@pyramid.com