Bugtraq mailing list archives

Re: How was the majordomo bug found ?


From: karl () bagpuss demon co uk (Karl Strickland)
Date: Fri, 10 Jun 1994 17:48:14 +0100 (BST)


> I think that a vast majority of 'holes' in Unix programs are based on the
> _DANGEROUS_ use of the system() function instead of the _MUCH_MORE_SECURE_
> fork()/exec() combination.

Just because the majority of `holes' you know are based on system(), doesn't
mean you can make sweeping statements about the `vast majority of holes'.
For example, the vast majority of holes I know are nothing to do with system().

Your mail makes some good points, but please don't spoil it with flame bait.
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl () bagpuss demon co uk
                                          | or:  karl%mvax () bagpuss demon co uk


