Re: How to write a secure C program..

To: SDiZ Cheng <sdiz@uhome.net>
Cc: debian-security@lists.debian.org
Subject: Re: How to write a secure C program..
From: Lukas Ruf <ruf@tik.ee.ethz.ch>
Date: Tue, 3 Jul 2001 10:34:44 +0200
Message-id: <[🔎] 20010703103444.A20552@tik.ee.ethz.ch>
Mail-followup-to: SDiZ Cheng <sdiz@uhome.net>, debian-security@lists.debian.org
Reply-to: Lukas Ruf <ruf@tik.ee.ethz.ch>
In-reply-to: <[🔎] 00c701c10399$58f4c380$0300a8c0@linux>; from sdiz@uhome.net on Tue, Jul 03, 2001 at 04:22:48PM +0800
References: <[🔎] 00c701c10399$58f4c380$0300a8c0@linux>

On Tue, 03 Jul 2001, SDiZ Cheng wrote:

> I am going to rewrite suexec.c of apache ( to suit my boss's need ).
> As this program is SUID, I don't want to make any mistake.
>
Are you really sure you wanna do that?  As this program runs as SUID,
the programmers put really a lot of emphasize onto correctness!  I think
it would be hard for you to do a job as good as the officially
distributed program.  

As it is distributed in soure code, you should rather review the code
and check whether you could find any inconsistencies/errors/bugs.

--lpr

Reply to:

Follow-Ups:
- Re: How to write a secure C program..
  - From: Matthias Richter <matthias@vielfalt.de>
- Re: How to write a secure C program..
  - From: "SDiZ Cheng" <sdiz@uhome.net>

References:
- How to write a secure C program..
  - From: "SDiZ Cheng" <sdiz@uhome.net>

Prev by Date: How to write a secure C program..
Next by Date: Re: How to write a secure C program..
Previous by thread: How to write a secure C program..
Next by thread: Re: How to write a secure C program..
Index(es):
- Date
- Thread