Re: [Alug] Smugness, Nimda, Linux and Windows - main

22 Sep 2001


      xsprite@bigfoot.com writes:
...
Well, with a c program, the first exploitable bug you are likely to find
is a buffer overflow.
With perl, you move into the realm of shopping carts, webmail and so on.
Quite often authentication mechanisms are insufficient, poorly thought
out. Also there's the old open(HANDLE, $userstring); thing (where
$userstring is set to "/bin/rm -rf / |")
Ah, sorry, I interpreted:
"once you take out buffer overflows you end up with the
        inability of programmers to create a decent authentication
        system. (Think hotmail, banks, etc)"
as meaning that without buffer overflows, you cannot create a decent
authentication system, which goes against everything I've ever seen,
of course.  If we just mean insecure execution with user-tainted data,
then I know that bug (and I'm just trying to eradicate it from yet
another place).
-- 
MJR                                                   Thesis watch: 27%
      This is my personal web site =-> http://mjr.towers.org.uk/
         http://www.alug.org.uk/ <-- This is the LUG I go to
I work for this clever internet developer ==> http://www.luminas.co.uk/