Date: Thu, 13 Feb 1997 07:49:33 +0900 (JST)
From: Michael Hancock <michaelh@cet.co.jp>
To: Alexander Snarskii <snar@lucky.net>
Cc: dk+@ua.net, freebsd-hackers@FreeBSD.org
Subject: Re: Increasing overall security....
Message-ID: <Pine.SV4.3.95.970213074440.12287B-100000@parkplace.cet.co.jp>
In-Reply-To: <199702122023.WAA21544@burka.carrier.kiev.ua>
On Wed, 12 Feb 1997, Alexander Snarskii wrote:

> > To play devil's advocate...
> >
> > 1) It requires assembler which is harder to understand. Less people are
> > qualified to review it. Relying on something harder to understand for
> > security is questionable.
>
> Yes, it is. But there are about 51 functions in standard libc, realized
> on assembler, so, i think there are someone, who wrote it, and knew
> assembler well to review ....

The intention of those functions is not security.

> > 2) We don't know if it operates correctly. Sendmail 8.8.5 has around 106
> > strcpy's in it and we don't know what the patch's effect will be in a
> > production environment.
>
> Mike, do you think that i published this patches without correct
> check of working ? These patches are applied on my main computers
> about week or so, and i have no problems with...
> ( Well, sendmail 8.8.5 - no problems, too... )

I'm sure you checked it. You have to understand that skepticism is a
natural thing.

Regards,

Mike Hancock