
Re: Package descriptions/ITPs [Was: Bug#148319: ITP: unreal-ircd]



On Wed, May 29, 2002 at 04:34:11PM +1000, Jamie Wilkinson wrote:
> >> [1] All software has security holes. Without exception.
> >
> >Really? *All* Software?
> >
> >Spot the security holes:
> >
> >--- CUT ---
> >#include <stdio.h>
> >
> >int main() {
> >        printf("Hello World\n");
> >        return(0);
> >}
> 
> Your libc has been trojaned and printf runs a root shell.

That's not a security hole in the software. It has nothing to do with
the software. It's a security hole in whatever let libc be compromised.
Once the outside environment has been compromised, there's nothing any
software can do to be secure.  

-- 
David Starner - starner@okstate.edu
What we've got is a blue-light special on truth. It's the hottest thing 
with the youth. -- Information Society, "Peace and Love, Inc."

