Author: Dann Corbit
Date: 17:37:00 06/28/04
Go up one level in this thread
On June 28, 2004 at 19:50:19, Peter Berger wrote:
>On June 28, 2004 at 18:51:35, Uri Blass wrote:
>
>>On June 28, 2004 at 18:20:32, Peter Berger wrote:
>>
>>>On June 28, 2004 at 15:19:13, Uri Blass wrote:
>>>
>>>>I also consider to ask Leo to remove public versions of movei from his site
>>>>because they can crash if you give them illegal FEN or game that has more than
>>>>1000 plies and a virus may use it to attack the computer of people who use
>>>>movei.
>>>>
>>>>Uri
>>>
>>>I tried hard to think about a potential virus and how it could take advantage of
>>>this misbehaviour of movei - no idea at all.
>>>
>>>Actually I think there just is no way, but then maybe I just miss it.
>>>
>>>Peter
>>
>>Maybe I misunderstand Dann's post in the winboard forum but here is a link.
>>
>>http://f11.parsimony.net/forum16635/messages/67791.htm
>>
>>Uri
>
>This won't work I assume. Also it's heavily theoretical.
>
>If you cause a buffer overflow in an internet service running with administrator
>privileges this might indeed cause a system access with root rights ( or the
>Windows equivalent).
>
>But I am really quite sure that potential crashes of your movei chess program
>don't fall into this category for various reasons. I can imagine an attack
>against Movei running on a chessserver - but how is this threat going to be
>worked on to threaten someone's computer?
Very simple. Write a rogue engine that sends the overrun to any opponent named
"movei*"
>I know there are some people reading here who can give *much* better advice (
>they usually have Chinese names from experience ;) ) , but I don't buy the
>danger caused by movei bugs for now.
Any program whatsoever that allows buffer overrun is a ticking time bomb,
including this one:
#include <stdio.h>
char s[32767];
int main(void)
{
gets(s);
return 0;
}
This page took 0 seconds to execute
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.