At 14:24 13/06/01 -0400, Michael T. Babcock wrote:
> > > And without IOS source, that would certainly be... challenging...
> >
> > I quite agree.
>
>I disagree ... many, many buffer overflow exploits in closed-source
>software packages have been discovered by trial and error, without
>any use of source code;
and one thing that eases it is "good guessing". This isn't as hard as one
can think! You just try to think of how to implement something and see that
there are some traps. You can then test "closed-source" software to check
whether they fell in. I think that some specialist could write a book on
"security bug patterns".
A fundamental example that comes again and again is reading a line. Protocol
handling requires parsing, and if not done the correct way, it always results in
either buffer overflow or "normal" bugs (truncated lines and so on).
> they aren't that hard to find. Simply find a
>good search engine (such as astalavista.box.sk) and look for HOWTOs
>on buffer overflows.
>
> > IF the buffer overflow is on the stack
>
>This is quite often the case ...
And if one keeps in mind the fact that all stacks have been either derived from or
inspired by the original BSD implementations, one can find many bugs just
by looking at what has been corrected since then in the *BSD. Those who argue
that this or that stack has been written from scratch should think about this:
- either the guy never took a look at the available source code, but then
he is probably a silly guy reinventing a square wheel. When solving problems,
one should always check what others have done before (MS should have taken
more time to review the problems encountered by Unix developers, but let's
forget about this);
- or he wrote it from scratch after (carefully if he is "serious") checking
what the BSD guys have done. And as a human being, you can't force yourself
to "forget" what you've learnt, so there are always chances of reproducing
some old behaviour...
[snip]
cheers,
mouss
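The line-reading pattern mouss describes above, as an added example that is not code from this thread: a reader that silently truncates (the fgets() behaviour) beside a bounded reader that reports an overlong line and resynchronises on the next newline. The in-memory stream, the sample input and the names `read_line_truncating`, `read_line_bounded` and `parse_sample` are constructed for this illustration, not taken from any real stack.

```c
#include <stdio.h>
#include <string.h>

/* Constructed in-memory stream standing in for a socket or file. */
struct stream {
    const char *data;
    size_t len;
    size_t pos;
};

static int stream_getc(struct stream *s) {
    if (s->pos >= s->len) return EOF;
    return (unsigned char)s->data[s->pos++];
}

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/* Truncating reader: stops when the buffer is full and reports success.
   The caller sees a "complete" line that is really a prefix, and the tail of
   the long line is parsed as the next line(s): the "truncated lines" bug. */
enum line_status read_line_truncating(struct stream *s, char *buf, size_t cap) {
    size_t n = 0;
    if (cap == 0) return LINE_TOO_LONG;
    while (n + 1 < cap) {
        int c = stream_getc(s);
        if (c == EOF) { buf[n] = '\0'; return n == 0 ? LINE_EOF : LINE_OK; }
        if (c == '\n') { buf[n] = '\0'; return LINE_OK; }
        buf[n++] = (char)c;
    }
    buf[n] = '\0';
    return LINE_OK;           /* success reported even though the line was cut */
}

/* Bounded reader: a line that does not fit is reported as LINE_TOO_LONG and
   the remainder up to the newline is consumed, so the next call starts on the
   next real line. The "n + 1 >= cap" check is the one an overflowing reader
   lacks; without it the loop keeps writing past the end of buf. */
enum line_status read_line_bounded(struct stream *s, char *buf, size_t cap) {
    size_t n = 0;
    if (cap == 0) return LINE_TOO_LONG;
    for (;;) {
        int c = stream_getc(s);
        if (c == EOF) { buf[n] = '\0'; return n == 0 ? LINE_EOF : LINE_OK; }
        if (c == '\n') { buf[n] = '\0'; return LINE_OK; }
        if (n + 1 >= cap) {
            buf[0] = '\0';
            while ((c = stream_getc(s)) != EOF && c != '\n') { }  /* resync */
            return LINE_TOO_LONG;
        }
        buf[n++] = (char)c;
    }
}

/* Constructed sample: a normal command, a 45-byte one that exceeds the
   16-byte line buffer used below, then another normal command. */
static const char SAMPLE[] =
    "USER alice\n"
    "PASS AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
    "QUIT\n";

typedef enum line_status (*reader_fn)(struct stream *, char *, size_t);

struct tally { int ok; int too_long; int unknown_verbs; };

static int known_verb(const char *line) {
    return strncmp(line, "USER ", 5) == 0 || strncmp(line, "PASS ", 5) == 0
        || strcmp(line, "QUIT") == 0;
}

/* Feed SAMPLE through a reader and count what the protocol layer would see. */
struct tally parse_sample(reader_fn rd) {
    struct stream s = { SAMPLE, sizeof SAMPLE - 1, 0 };
    char buf[16];
    struct tally t = { 0, 0, 0 };
    enum line_status st;
    while ((st = rd(&s, buf, sizeof buf)) != LINE_EOF) {
        if (st == LINE_TOO_LONG) { t.too_long++; continue; }
        t.ok++;
        if (!known_verb(buf)) t.unknown_verbs++;
    }
    return t;
}

int main(void) {
    struct tally a = parse_sample(read_line_truncating);
    struct tally b = parse_sample(read_line_bounded);
    printf("truncating: ok=%d too_long=%d unknown=%d\n", a.ok, a.too_long, a.unknown_verbs);
    printf("bounded:    ok=%d too_long=%d unknown=%d\n", b.ok, b.too_long, b.unknown_verbs);
    return 0;
}
```

With the truncating reader the 45-byte PASS line is split into four "commands" (three of them garbage and one empty), so the parser both loses the real password and processes junk; the bounded reader rejects that one line and picks up QUIT cleanly. Whether a reviewer finds the missing bound check or the missing resync, it is the same loop that has to be inspected in every protocol handler.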
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls