Firewall Wizards mailing list archives
Re: Extreme Hacking
From: Darren Reed <darrenr () reed wattle id au>
Date: Tue, 13 Jul 1999 01:13:47 +1000 (EST)
In some email I received from Marcus J. Ranum, sie wrote:
Ge' Weijers wrote:On the other hand: those who need to develop security-related code, protocols etc. do need to have an awareness of common exploits.Yes, and no. They need to know classes of bugs to avoid, and categories of common mistakes. For example, if you're developing security critical code you need to know what buffer overruns are and how to prevent them -- you do not need an exploit script that tickles a bug in the latest version of BIND.
Allowing buffer overruns is just bad programming, irrespective of whether or not it is being used in a sitatuation where it is a security risk. Function calls such as gets() should just be banned >:) Other problems which can be introduced (race conditions with files, etc), are sometimes more a question of design and implementation than just bad programming. Darren
Current thread:
- Extreme Hacking Kunz, Peter (Jul 05)
- Re: Extreme Hacking Marcus J. Ranum (Jul 05)
- Re: Extreme Hacking Arjan Vos (Jul 05)
- Re: Extreme Hacking Aleph One (Jul 06)
- Re: Extreme Hacking Marcus J. Ranum (Jul 06)
- Re: Extreme Hacking Ge' Weijers (Jul 06)
- Re: Extreme Hacking Marcus J. Ranum (Jul 12)
- Re: Extreme Hacking Ge' Weijers (Jul 12)
- Re: Extreme Hacking Darren Reed (Jul 12)
- Re: Extreme Hacking Crispin Cowan (Jul 13)
- Re: Extreme Hacking deab (Jul 06)
- Re: Extreme Hacking Paul Woodie (Jul 06)
- Re: Extreme Hacking Craig H. Rowland (Jul 06)
- Re: Extreme Hacking Crispin Cowan (Jul 08)
- Re: Extreme Hacking Craig H. Rowland (Jul 09)
- Vulnerability Escrow (was: Extreme Hacking) Crispin Cowan (Jul 09)
- Re: Extreme Hacking Joseph S D Yao (Jul 12)
- Re: Extreme Hacking Craig H. Rowland (Jul 12)
- Re: Extreme Hacking Marcus J. Ranum (Jul 05)