12 Feb
2008
12 Feb
'08
1:20 a.m.
On Mon, Feb 11, 2008 at 06:00:14PM -0500, Ross S. W. Walker wrote:
I wonder if any existing user-land utilities have hooks into vmsplice that may be able to be accessed via PHP, Perl, or CGI?
It's a system call.
Yes, but conceivable an application can make use of such a system call since it is exploitable from user land and hence the concern.
Well, the point is there's nothing wrong with the system call *inherently*. There's just a flaw in its implementation which a carefully-crafted program can exploit. A program which just happens to use the system call as it is intended to be used isn't any more dangerous than any other code.
--
Matthew Miller mattdm@mattdm.org http://mattdm.org/
Boston University Linux ------> http://linux.bu.edu/