alex@xxxxxxxxxxxxxxx wrote: > Quoting Feizhou <feizhou@xxxxxxxxxxxx>: > >> When does a newbie gets a monster box to play with? > > > 4 gigs of memory isn't as expensive as it used to be. Not that cheap > that I > would put 4 gigs into any of the computers in my basement. But not that > expensive either. Complete AMD64 system is not that much more expensive > then > P4 system (other then processor and motherboard, all other components are > exactly the same). So I'd say wast majority of newbies from rotten rich > west > can financialy afford a "monster box to play with". > >> DJB has already stated a long time ago that this should be done by the >> OS or available tools. > > > Whatever way you put it, the following is buggy code: > > int foo; > int *bar; > foo = bar; If you are referring to the 'problem #2 is exploitable at least on freebsd 5.4 amd64' code, it does not do anything of the sort. int i; ... i = str_chr(cmd.s,' '); ... cmd.s[i] = 0; str_chr returns 'unsigned int' not a pointer. > > Yelling that limits were supposed to be setup on the system for your > particular > program so that bar always fits into foo is not going to save you from > the fact > that your programming practices were flawed! The above code fragment is > probably the biggest single problem with many programs when Alpha > processors > were introduced. And now we see it again. > > Now I don't know if that "bug" in qmail fits the above description > exactly, but > I'm preaty darn sure it is something equivalent. Why don't you look before you yammer. If you did a compile of qmail, you will NEVER find any warnings about 'warning: assignment makes integer from pointer without a cast' > >>> After all, there's that famous quote from Bill Gates: "640K ought to be >>> enough for anybody". Who knows, maybe one day we'll be quoting qmail >>> author instead: "32 bits ought to be enough for anybody". >> >> >> I highly doubt it since he said nothing of the sort. > > > I haven't said he did. It was a joke :)