Re: How was the majordomo bug found ?

Karl Strickland (karl@bagpuss.demon.co.uk)
Fri, 10 Jun 1994 17:48:14 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Evil Pete: "Re: How was the majordomo bug found ?"
Previous message: Christian A. Ratliff: "Sequent/DYNIX Security Hole"
In reply to: Eric Vyncke: "Re: How was the majordomo bug found ?"
Next in thread: Evil Pete: "Re: How was the majordomo bug found ?"

> I think that a vast majority of 'holes' in Unix programs are based on the 
> _DANGEROUS_ use of the system() function instead of the _MUCH_MORE_SECURE_ 
> fork()/exec() combination.

Just beacuse the majority of `holes' you know are based on system(), doesnt
mean you can make sweeping statements about the `vast majority of holes'.
For example, the vast majority of holes I know are nothing to do with system().

Your mail makes some good points, but please dont spoil it with flame bait.
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          | or:  karl%mvax@bagpuss.demon.co.uk

Next message: Evil Pete: "Re: How was the majordomo bug found ?"
Previous message: Christian A. Ratliff: "Sequent/DYNIX Security Hole"
In reply to: Eric Vyncke: "Re: How was the majordomo bug found ?"
Next in thread: Evil Pete: "Re: How was the majordomo bug found ?"