oss-sec mailing list archives
Re: Thoughts on Shellshock and beyond
From: "David A. Wheeler" <dwheeler () dwheeler com>
Date: Thu, 09 Oct 2014 15:23:56 -0400 (EDT)
On Wed, 8 Oct 2014 21:31:37 -0700, Michal Zalewski <lcamtuf () coredump cx> wrote:
Sure, agreed. I don't think the code / data catchphrase accurately conveys this principle to developers, though =)
I've expanded the detection or prevention section of my paper in general: http://www.dwheeler.com/essays/shellshock.html#detect-or-prevent In particular, I've given more information on separating code/data here, in a way that I hope captures the point for developers: http://www.dwheeler.com/essays/shellshock.html#separate-code-data --- David A. Wheeler
Current thread:
- Re: Thoughts on Shellshock and beyond, (continued)
- Message not available
- Re: Thoughts on Shellshock and beyond Sven Kieske (Oct 09)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond ArkanoiD (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 09)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond John Haxby (Oct 09)
- Re: Thoughts on Shellshock and beyond Kobrin, Eric (Oct 09)
- Re: Thoughts on Shellshock and beyond Stephane Chazelas (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Robert Watson (Oct 14)
- Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 15)