Date: Mon, 16 Dec 1996 12:18:05 -0600
From: Richard Wackerbarth <rkw@dataplex.net>
To: "Craig Shaver" <craig@ProGroup.COM>
Cc: security@FreeBSD.org
Subject: Re: crontab security hole exploit
Message-ID: <l03010d00aedb3f1493b4@[204.69.236.50]>
In-Reply-To: <199612161654.IAA19864@seabass.progroup.com>
References: <Pine.GSO.3.95.961216154913.7742B-100000@lich> from "Joakim Rastberg" at Dec 16, 96 03:55:59 pm

>Is there someplace or some book that someone who is writing new software can
>refer to for learning how to write secure code in the first place? I
>certainly don't want to ask some whiny security cop for each and every
>little detail.... :)

Most of the exploits currently being discovered are a direct result of programs which move user input into a fixed buffer without checking the length of the string. In each case, someone figures out what will get clobbered and creates a "string" that is designed to overwrite whatever follows the buffer. When those buffers are on the stack, it is very easy to clobber the return stack with a piece of code that takes control.

The solution is to use "safe" string copy routines that honor the length of the receiving buffer.

Since the methodology of a particular instance does not add to the sphere of knowledge, the details of the exploit don't really give most of us any useful information.
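
The length-honoring copy described in the message above, as an added example that is not part of the original e-mail: `bounded_copy`, `struct record` and `guard_intact` are hypothetical names, and the input string is constructed. The routine reports truncation so the caller can reject oversized input rather than store a cut-off value.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst without ever writing more than
 * dstsize bytes, always NUL-terminating. Returns 0 if all of src fit,
 * -1 if it was truncated or the arguments are unusable. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t i;
    if (dst == NULL || dstsize == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    for (i = 0; i + 1 < dstsize && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? 0 : -1;
}

/* Constructed layout: a fixed buffer followed by bytes that an
 * unchecked strcpy() of long input would overwrite. */
struct record {
    char name[8];
    unsigned char guard[4];
};

/* Returns 1 if the bytes after the buffer still hold the 0xA5 pattern. */
int guard_intact(const struct record *r)
{
    size_t i;
    for (i = 0; i < sizeof r->guard; i++)
        if (r->guard[i] != 0xA5)
            return 0;
    return 1;
}

int main(void)
{
    struct record r;
    const char *input = "much-longer-than-eight-bytes"; /* constructed */

    memset(r.guard, 0xA5, sizeof r.guard);
    if (bounded_copy(r.name, sizeof r.name, input) != 0)
        printf("rejected: input exceeds %zu bytes\n", sizeof r.name - 1);
    printf("stored \"%s\", guard intact: %d\n", r.name, guard_intact(&r));
    return 0;
}
```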
