Message-Id: <199807211918.NAA15306@lariat.lariat.org>
Date: Tue, 21 Jul 1998 13:18:31 -0600
To: Martin Cracauer , security@FreeBSD.ORG
From: Brett Glass
Subject: Re: Projects to improve security (related to C)
In-Reply-To: <19980721153715.A714@bik-gmbh.de>
References: <199807201732.LAA20377@lariat.lariat.org>

At 03:37 PM 7/21/98 +0200, Martin Cracauer wrote:

>If some person isn't capable or willing to avoid buffer overflows in C
>(as I said, one of the easier solvable security problems), he/she
>probably doesn't have a clue or doesn't care about other problems as
>well. So don't run the code. You might even use the easily reviewable
>bounds issue to judge over the code. If he/she didn't get that one
>right, you know what you will get. If it's written in Java, you don't
>have such an easy indicator.

Sorry, but I don't buy the notion that the possibility of SOME bugs is
an excuse to let more of them slip by. That's like saying, "So what if
the Ford Pinto blows up when hit in the rear? If we fixed that, we
wouldn't suspect that the car's radio was designed badly."
--Brett