Date: Mon, 16 Dec 1996 12:18:05 -0600
From: Richard Wackerbarth <rkw@dataplex.net>
To: "Craig Shaver" <craig@ProGroup.COM>
Cc: security@FreeBSD.org
Subject: Re: crontab security hole exploit
Message-ID: <l03010d00aedb3f1493b4@[204.69.236.50]>
In-Reply-To: <199612161654.IAA19864@seabass.progroup.com>
References: <Pine.GSO.3.95.961216154913.7742B-100000@lich> from "Joakim Rastberg" at Dec 16, 96 03:55:59 pm

>Is there someplace or some book that someone who is writing new software can
>refer to for learning how to write secure code in the first place? I
>certainly don't want to ask some whiny security cop for each and every
>little detail.... :)

Most of the exploits currently being discovered are a direct result of programs which move user input into a fixed buffer without checking the length of the string. In each case, someone figures out what will get clobbered and creates a "string" that is designed to overwrite whatever follows the buffer. When those buffers are on the stack, it is very easy to clobber the return stack with a piece of code that takes control.

The solution is to use "safe" string copy routines that honor the length of the receiving buffer.

Since the methodology of a particular instance does not add to the sphere of knowledge, the details of the exploit don't really give most of us any useful information.
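
The copy pattern described in the message next to a length-honoring replacement, as an added example that is not part of the original e-mail or of any FreeBSD code. The `struct account` layout, the function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16            /* constructed buffer size for the example */

struct account {
    char name[NAME_SIZE];       /* fixed receiving buffer */
    int  privileged;            /* the data that "follows the buffer" */
};

/* The pattern the message warns about: the copy ignores the size of the
 * destination. Any input of NAME_SIZE bytes or more writes past name. */
void set_name_unchecked(struct account *a, const char *input)
{
    strcpy(a->name, input);
}

/* Length-honoring copy: returns 0 on success, -1 if the input does not fit.
 * On failure the buffer holds an empty string and nothing past it is touched. */
int set_name_checked(struct account *a, const char *input)
{
    size_t len = 0;

    if (a == NULL || input == NULL)
        return -1;
    /* Measure the input, but never look further than the buffer could hold. */
    while (len < NAME_SIZE && input[len] != '\0')
        len++;
    if (len == NAME_SIZE) {     /* no room left for the terminating NUL */
        a->name[0] = '\0';
        return -1;
    }
    memcpy(a->name, input, len + 1);    /* len + 1 <= NAME_SIZE */
    return 0;
}

int main(void)
{
    struct account a = { "", 0 };
    const char *long_input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed */

    printf("short: %d name=%s\n", set_name_checked(&a, "rkw"), a.name);
    printf("long:  %d privileged=%d\n", set_name_checked(&a, long_input), a.privileged);
    return 0;
}
```

Rejecting oversize input, rather than silently truncating it, lets the caller decide how to handle the error.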