oss-sec mailing list archives
Re: Thoughts on Shellshock and beyond
From: "David A. Wheeler" <dwheeler () dwheeler com>
Date: Tue, 07 Oct 2014 07:59:05 -0400

> * Heartbleed is an out of bounds memory read. Well understood and yes,
> it should be possible to implement mitigations against these kinds of things.

It is not only possible, I have already posted a list of ways to find Heartbleed:
http://www.dwheeler.com/essays/heartbleed.html

I think identifying specific ways to counter classes of vulnerabilities is really important.

> What class of bug is Shellshock? "Weird feature invented in
> pre-Internet era"? How do you conquer this class of bugs?

I am still struggling with this one. I am trying to create that list here:
http://www.dwheeler.com/essays/shellshock.html#detect-or-prevent

But to be honest, that list is pretty pathetic. This is a challenging class of vulnerability to detect or prevent ahead of time. Ideas would be very welcome.

--- David A. Wheeler