Re: Buffer Overflows: A Summary

Perry E. Metzger (perry@piermont.com)
Wed, 30 Apr 1997 12:34:37 -0400

Aleph One writes:
> Again the thing to do is fix the offending code. The OpenBSD
> project and some other teams have done a great job in this area.
> They have systematically gone through their code base looking for
> possible vulnerabilities. Not only have they fixed dozens of possible
> holes, at the same time they have made their software more reliable.
> Reliability and security go hand in hand.

NetBSD has been doing more or less the same thing. We are currently
working on eliminating as many SUID programs as possible, replacing
them with solutions that, if possible, require fewer SUID executables on
a machine. Less trusted code means less code which could go wrong,
which means more reliability.

Perry
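A practitioner reading this thread will want to measure the same thing on their own machine: how many set-user-ID and set-group-ID executables are actually installed, and which of them are not expected. The following is an added example, not code from this post or from the NetBSD or OpenBSD projects. It assumes only POSIX sh and find; the function names and the allowlist file format (one absolute path per line) are my own choices for illustration.

```sh
#!/bin/sh
# Audit set-user-ID / set-group-ID files under a directory tree and flag
# any that are not on a known allowlist. Added example; assumes POSIX
# sh, find, grep. Allowlist format: one absolute path per line.

# Print every setuid or setgid regular file under "$1", one path per
# line, sorted so runs are comparable over time. -xdev keeps the search
# on one filesystem so a scan of / does not wander into /proc or NFS.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print setid files under "$1" whose full path does not appear in the
# allowlist file "$2". Exact, fixed-string matching (-x -F) so a path
# like /usr/bin/su does not accidentally whitelist /usr/bin/sudo.
# Always exits 0; an empty result means nothing unexpected was found.
unexpected_setid() {
    find_setid_files "$1" | while IFS= read -r path; do
        grep -q -x -F -- "$path" "$2" || printf '%s\n' "$path"
    done
    return 0
}

# Stand-alone usage: audit_setid.sh DIR ALLOWLIST
# (guarded so the functions can also be sourced without side effects)
if [ "$#" -ge 2 ]; then
    unexpected_setid "$1" "$2"
fi
```

Run it once against a freshly installed system to build the allowlist, then rerun periodically: every line it prints is either a new privileged program that someone should justify, or a candidate for the kind of removal described above.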