Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mira.net.au!news.netspace.net.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!news.enteract.com!newsfeed.enteract.com!tqbf From: tqbf@char-star.rdist.org (Thomas H. Ptacek) Newsgroups: comp.unix.bsd.bsdi.misc,comp.unix.bsd.misc,comp.security.unix Subject: Re: *BSD* Security WWW/Mailing List? Date: 26 Apr 1997 21:37:08 GMT Organization: EnterAct, L.L.C. Lines: 15 Message-ID: <slrn5m4tc4.r3l.tqbf@char-star.rdist.org> References: <3356E1CC.299E@softway.com.au> <slrn5ltb2l.br4.tqbf@char-star.rdist.org> <5jo5m4$f9v@web.nmti.com> <slrn5m0dbf.jsb.tqbf@char-star.rdist.org> <5jqtkh$mmo@web.nmti.com> <DERAADT.97Apr26131201@zeus.pacifier.com> Reply-To: tqbf@enteract.com NNTP-Posting-Host: char-star.rdist.org X-Newsreader: slrn (0.9.1.1 BETA UNIX) Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6766 comp.unix.bsd.misc:3099 comp.security.unix:34056 26 Apr 1997 19:12:01 GMT deraadt@theos.com: >If it doesn't do that, well, that's the problem. Roughly said, >anytime you move to/from higher priviledge you have some cleanup to >do. If you don't, you are a sloppy programmer. If you don't check bounds on string copies, you're a sloppy programmer - yet we have hundreds of stack overruns to attest to the fact that using counted string manipulations is not common practice. -- ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] ---------------- exit(main(kfp->kargc, argv, environ));