[lug] Security notice and Ramen
D. Stimits
stimits at idcomm.com
Tue Jan 23 17:03:28 MST 2001
Sean Reifschneider wrote:
>
> On Tue, Jan 23, 2001 at 03:20:00PM -0700, D. Stimits wrote:
> >A big part of making buffer overflow popular is because of functions
> >that expect a NULL-terminated string (i.e., sprintf/sscanf and friends
>
> I'd really love to see some network services written in Python or Perl.
> You have to be careful to prevent someone from sending a huge string
> without a newline, thus using as much RAM as possible, but it shouldn't
> be possible to do any buffer overflow attacks.

A similar scenario for some of the C++ STL containers. I could imagine
someone trying to buffer overflow a std::string for someone with a 56k
modem. They'd be sending one string for all day and night, wondering why
it wasn't overflowing yet.
>
> DJB wrote a whole slew of dynamic string handling code as part of QMail...
>
> Sean
> --
> Thieves broke into Scotland Yard yesterday and stole all the toilets.
> Detectives say they have nothing to go on.
> Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
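
The following is an added example, not part of the original message or of any poster's code: a Python line reader for a network service that caps how much it will buffer while waiting for a newline, which is the memory-exhaustion case raised in the quoted text. The class name, the 1024-byte default cap, the chunk size and the sample input are assumptions made for illustration.

```python
import socket


class LineTooLong(Exception):
    """Peer sent more than max_line bytes without a newline."""


class BoundedLineReader:
    """Read newline-terminated lines from a socket with a hard size cap.

    At most max_line + chunk bytes are ever held in memory, no matter
    how much the peer sends before (or instead of) a newline.
    """

    def __init__(self, sock, max_line=1024, chunk=512):
        self.sock = sock
        self.max_line = max_line
        self.chunk = chunk
        self.buf = bytearray()

    def readline(self):
        while True:
            nl = self.buf.find(b"\n")
            if nl != -1:
                if nl > self.max_line:
                    raise LineTooLong("line exceeds %d bytes" % self.max_line)
                line = bytes(self.buf[:nl])
                del self.buf[:nl + 1]          # drop the line and its newline
                return line
            if len(self.buf) > self.max_line:  # no newline yet and over the cap
                raise LineTooLong("no newline within %d bytes" % self.max_line)
            data = self.sock.recv(self.chunk)
            if not data:                       # peer closed the connection
                return None
            self.buf += data


def demo():
    """Constructed input: one short line followed by 5000 bytes with no newline."""
    a, b = socket.socketpair()
    try:
        a.sendall(b"HELO example\n" + b"A" * 5000)
        reader = BoundedLineReader(b, max_line=64)
        first = reader.readline()
        try:
            reader.readline()
            rejected = False
        except LineTooLong:
            rejected = True
        return first, rejected, len(reader.buf)
    finally:
        a.close()
        b.close()
```

A service would close the connection when `LineTooLong` is raised; pairing this with `sock.settimeout()` also bounds how long a slow sender can hold the connection open.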