[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: woody release task needs help: package priorities

Previously Tollef Fog Heen wrote:
> You are assuming that talkd have buffer overflows, but you have no
> proof of it.  And talk is rwxr-xr-x, so what would you win by an
> overflow on a local host?  And I doubt that there are many bugs in a
> daemon which is less than 10k big.

Security works the other way around: assumed vulnerable until proven
otherwise. And for any non-trivial program proof is impossible, so
the best we can do is limit the risks.


 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Reply to: