Re: Possible buffer overflows = security problem?
Wade Richards <wade@wabyn.net> wrote on 08/09/2003 (10:10) :
> The safest approach is always to ensure that the answer to the first
> question is "no", so you don't need to worry about the second one.
And the only approach! Never take calculated risks in these matters when
one is dealing with C/C++ programs. One does not, for one, know what will be
the future usage of the program. I mean the next version of it, etc...

Always use flawfinder (http://www.dwheeler.com/flawfinder/) on the
C/C++ code you are packaging to see what reports it gives. File the
report as a bug upstream. I think this should be the practice of Debian,
but apparently it isn't.

C/C++ code is the biggest security problem at the moment.
Preben
--
«I think fish is nice, but then I think that rain is wet.
So who am I to judge.»
- The Hitch Hiker's Guide to the Galaxy (radioplay)