> > It appears that Brumley's team is fuzzing the input to the graphics
> > portion of Axiom, likely as an effort to find security holes. I used
> > to work at CMU/CERT and am currently active in the security field.
> >
> > Actually, I'm kind of pleased that they got it to run considering our
> > last exchange about gcc no longer working with the legacy C code.
> > Perhaps I need to get David's gcc list of switches :-)
> >
>
> Just a clarification here, the view2d.c problem is mac specific, to my
> knowledge. Linux is fine.

If Brumley is fuzzing then the problem he is finding (it looks like he
is "forcing AA"s) is that the input stream is not properly handling
overlong input (scanf? strcpy?). So the problem would be generic.
I do this in my pentesting work. I know how to fix it but I want to
concentrate on several other fronts first.

Tim