[lug] Security notice and Ramen
Sean Reifschneider
jafo at tummy.com
Tue Jan 23 16:33:40 MST 2001
On Tue, Jan 23, 2001 at 03:20:00PM -0700, D. Stimits wrote:
>A big part of making buffer overflow popular is because of functions
>that expect a NULL-terminated string (i.e., sprintf/sscanf and friends
I'd really love to see some network services written in Python or Perl.
You have to be careful to prevent someone from sending a huge string
without a newline, thus using as much RAM as possible, but it shouldn't
be possible to do any buffer overflow attacks.
DJB wrote a whole slew of dynamic string handling code as part of QMail...
Sean
--
Thieves broke into Scotland Yard yesterday and stole all the toilets.
Detectives say they have nothing to go on.
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
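
The concern raised in the message above (a peer sending a huge string with no newline) as an added example that is not part of the original post: a line reader for a Python network service that stops buffering once a cap is exceeded. The names `read_line`, `LineTooLong` and `demo`, the 1024-byte cap and the 512-byte chunk size are assumptions chosen for illustration.

```python
import socket

MAX_LINE = 1024  # assumed cap; choose one that fits the protocol


class LineTooLong(Exception):
    """Peer sent more than the cap without a newline."""


def read_line(sock, buf, max_line=MAX_LINE, chunk=512):
    """Return (line, leftover). line is None if the peer closed first.

    buf carries bytes left over from the previous call. Memory held per
    connection never exceeds max_line + chunk bytes.
    """
    while True:
        nl = buf.find(b"\n")
        if nl != -1:
            if nl > max_line:
                raise LineTooLong(nl)
            return buf[:nl], buf[nl + 1:]
        # No newline yet: refuse to keep growing the buffer.
        if len(buf) > max_line:
            raise LineTooLong(len(buf))
        data = sock.recv(chunk)
        if not data:
            return None, buf
        buf += data


def demo():
    """Constructed input: one normal line, then 5000 bytes with no newline."""
    a, b = socket.socketpair()
    try:
        a.sendall(b"HELO example\n" + b"A" * 5000)
        a.close()
        line, rest = read_line(b, b"")
        try:
            read_line(b, rest)
            rejected = False
        except LineTooLong:
            rejected = True  # a real server would drop the connection here
        return line, rejected
    finally:
        a.close()
        b.close()


if __name__ == "__main__":
    print(demo())
```
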