>> If you're joking, :).
>>
>> If you're serious, go read a primer on security.
>>
>> Do you patch your kernel the same way?
>
>No. I was speaking of THAT patch.
>that one is not so difficult, imho.
>
>a more difficult one, of course, must be
>understood before. or let someone that can
>do for you.
>
>Is not a binary file, don't you agree???

I'll agree it's not a compiled binary. Sure. That's more factual than anything.

I don't agree that it is any good, because I don't trust most people (myself included) to 100% understand and verify a patch, especially a patch with malicious intent.

How hard would it be to patch something in the sip channel that allows a buffer to be overrun? It could easily be crafted as an accident. A lot of devs say "oh, they used strncat, so it can't overflow". A lot of users can't even read C.

So, saying it's so easy to verify the patch and that this kind of behaviour is acceptable is saying that you never miss a security hole. That's quite a claim.

-Michael

_______________________________________________
Asterisk-Users mailing list
http://lists.digium.com/mailman/listinfo/asterisk-users
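
Added example, not part of the message above and not Asterisk code: the "they used strncat, so it can't overflow" assumption fails because strncat's third argument limits the characters appended, not the size of the destination, and a NUL is always written on top. The helper names, the buffer size and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bytes strncat(dst, src, n) would occupy in dst, counting the NUL it
 * always writes after the copied characters. Nothing is written here. */
static size_t strncat_footprint(const char *dst, const char *src, size_t n)
{
    size_t copied = strlen(src);
    if (copied > n)
        copied = n;
    return strlen(dst) + copied + 1;
}

/* Append src to dst, where dst has room for cap bytes in total.
 * Returns 0 if src fit, 1 if it was truncated, -1 if dst holds no NUL
 * within cap (so its current length cannot be trusted). */
static int bounded_append(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    if (end == NULL)
        return -1;
    size_t used = (size_t)(end - dst);
    size_t room = cap - used - 1;   /* free bytes, NUL already reserved */
    strncat(dst, src, room);        /* the limit is the space left */
    return strlen(src) > room ? 1 : 0;
}

int main(void)
{
    char buf[16] = "SIP/2.0 ";             /* constructed: 8 bytes in use */
    const char *hdr = "200 OK from peer";  /* constructed: 16 characters */

    /* What a reviewer often waves through: n = sizeof buf.
     * The size is computed only, the call is never made. */
    printf("strncat(buf, hdr, sizeof buf) would need %zu bytes; buf has %zu\n",
           strncat_footprint(buf, hdr, sizeof buf), sizeof buf);

    int rc = bounded_append(buf, sizeof buf, hdr);
    printf("bounded_append: rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

When reading a patch, the thing to check is whether the third argument is derived from the space remaining in the destination, not from its total size.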