[lug] Security notice and Ramen
rm at mamma.varadinet.de
rm at mamma.varadinet.de
Wed Jan 24 10:59:31 MST 2001
On Wed, Jan 24, 2001 at 10:47:00AM -0700, D. Stimits wrote:
> jkraai at murlmail.com wrote:
> >
> > On Tue, Jan 23, 2001, at 10:25:05 pm Sean Reifschneider <jafo at tummy.com> wrote:
> > >
> > > DJB has an RFC or the like for "net strings". [...]
> >
> > http://cr.yp.to/proto/netstrings.txt
> >
>
> I actually converted to something like this for other advantages on
> another app. They're useful for any network traffic, not just security,
> and not just text strings.
I'm not convinced that this would solve the problem. There are
secure replacements for all string handling functions in libc
that expect explicit size information. It's just that people
don't use the or compile lagacy applications.
Ralf
More information about the LUG
mailing list