by dataflow 466 days ago
>> denial of service was considered to be the realistic impact

> It is silly to make an overly broad statement about recursion killing. On modern "hosted" OSes, there are safeguards about stack overflows, which will quickly kill your process.

Something doesn't make sense here.

1 comments

I might not entirely understand, but

>> denial of service was considered to be the realistic impact

is in the article as justification for why this has low criticality and therefore isn't subject to the 90-day disclosure timeline. I.e. it's _limiting_ the predicted impact.

I assumed GP was referring to the other more critical risk, stack clashing, which I guess could lead to RCE? not being an issue on modern OS's.

The article basically said: "Letting your get killed this way would practically lead to DoS attacks (a security issue), therefore [conclusion]." The response was basically: "Actually, on modern OSes, your application gets killed, unlike on embedded systems. Therefore, [opposite conclusion]."

This doesn't make sense as a comment, regardless of the particular conclusion.