
Re: Possible buffer overflows = security problem?



Wade Richards <wade@wabyn.net> wrote on 08/09/2003 (10:10) :
> The safest approach is always to ensure that the answer to the first
> question is "no", so you don't need to worry about the second one.

And the only approach! Never take calculated risks in these matters when
one is dealing with C/C++ programs. One does not, for one, know what will be
the future usage of the program. I mean the next version of it, etc...

Always use flawfinder (http://www.dwheeler.com/flawfinder/) on the
C/C++ code you are packaging to see what reports it gives. File the
report as a bug upstream. I think this should be the practice of Debian,
but apparently it isn't.

C/C++ code is the biggest security problem at the moment.

Preben
-- 
«I think fish is nice, but then I think that rain is wet.
 So who am I to judge.»
                 - The Hitch Hiker's Guide to the Galaxy (radioplay)


