Re: Buffer Overflows: A Summary

[perry () piermont com (Perry E. Metzger)]

Aleph One writes:
>     Again the thing to do is fix the offending code.  The OpenBSD
> project and some other teams have done a great job in this area.
> They have systematically gone through their code base looking for
> possible vulnerabilities.  Not only have the fixed dozens of possible
> holes, at the same time they have made their software more reliable.
> Reliability and security go hand in hand.

NetBSD has been doing more or less the same thing. We are currently
working on eliminating as many SUID programs as possible, replacing
them with solutions that if possible require fewer SUID executables on
a machine. Less trusted code means less code which could go wrong
which means more reliablity.

Perry