[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New Netscape bug (in version 1.12)
In article <[email protected]>, Ray Cromwell <[email protected]> writes:
>> This is a bug in your X server, not in netscape. The X server should
>> never crash no matter what you send to it.
> That's true, but it is also true that Netscape should also be
> performing some sanity checking on input rather than relying on
> the supporting libraries to be secure. Remember, a hole is a hole.
> The last sendmail bug was a buffer overflow in syslog, however,
> sendmail still got patched to do bounds checking on the strings
> it was passing to syslog.
> It looks like this is only bug on BSDI2.0/XAccel, and NT3.5/NS1.1. But
> is it wise for netscape to be sending 10,000 character strings to GUI
> functions anyway?
It's absolutely okay for netscape to send long character strings to the
X server. In fact, all it's probably doing is putting long character
strings into a Motif widget, which then sends them to the X server.
This is also totally okay.
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto | [email protected]