[lug] Security notice and Ramen

Keith Herold herold at cslr.Colorado.EDU
Tue Jan 23 16:48:25 MST 2001


Nope, you'd just replace them with shell escape attacks!

--Keith

Sean Reifschneider wrote:

> On Tue, Jan 23, 2001 at 03:20:00PM -0700, D. Stimits wrote:
> >A big part of making buffer overflow popular is because of functions
> >that expect a NULL-terminated string (i.e., sprintf/sscanf and friends
>
> I'd really love to see some network services written in Python or Perl.
> You have to be careful to prevent someone from sending a huge string
> without a newline, thus using as much RAM as possible, but it shouldn't
> be possible to do any buffer overflow attacks.
>
> DJB wrote a whole slew of dynamic string handling code as part of QMail...
>
> Sean
> --
>  Thieves broke into Scotland Yard yesterday and stole all the toilets.
>  Detectives say they have nothing to go on.
> Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
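
The memory-exhaustion concern raised in the quoted message (a peer sending a huge string with no newline), shown as an added example that is not part of the original thread. `BoundedLineReader`, `LineTooLong`, `MAX_LINE` and the sample input are names and values assumed for illustration.

```python
import socket

MAX_LINE = 1024  # assumed cap; choose one that fits the protocol


class LineTooLong(Exception):
    """Peer sent more than the allowed bytes without a newline."""


class BoundedLineReader:
    """Reads newline-terminated lines from a socket with a hard size cap."""

    def __init__(self, sock, max_line=MAX_LINE):
        self.sock = sock
        self.max_line = max_line
        self.buf = b""

    def readline(self):
        """Return one line without its newline, or None on clean EOF."""
        while True:
            nl = self.buf.find(b"\n")
            if nl != -1:
                line, self.buf = self.buf[:nl], self.buf[nl + 1:]
                return line
            if len(self.buf) > self.max_line:
                raise LineTooLong(f"no newline within {self.max_line} bytes")
            # Ask only for what still fits under the cap (+1 for the newline),
            # so the buffer can never grow past max_line + 1 bytes.
            chunk = self.sock.recv(self.max_line + 1 - len(self.buf))
            if not chunk:
                if self.buf:
                    raise ConnectionError("EOF in the middle of a line")
                return None
            self.buf += chunk


def demo():
    """Constructed input: two short lines, then a flood with no newline."""
    a, b = socket.socketpair()
    a.sendall(b"HELO example\nQUIT\n" + b"A" * 5000)
    a.close()
    reader = BoundedLineReader(b, max_line=64)
    lines = [reader.readline(), reader.readline()]
    try:
        reader.readline()
        rejected = False
    except LineTooLong:
        rejected = True  # the caller should drop the connection here
    b.close()
    return lines, rejected
```

The cap bounds memory per connection; a real service would also set a socket timeout so a peer cannot hold the connection open by sending nothing.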




