On Tue, 4 Apr 2017 15:06:45 +0000 "Schaufler, Casey" <casey.schauf...@intel.com> said:
> I read the article. The author seems to be basing his claim on finding 40
> instances of strcpy() in the code. This hardly qualifies as a sophisticated
> analysis.

Also there are scant details if any. No pointing to specific lines of code. We have zero idea of what they found and they haven't shared with us. I have no idea who they contacted or what email address but it seems no one on the Tizen platform team has much idea beyond just a single function in 1 place with 1 issue (I am not sure if it's exploitable but it certainly could cause a crash).

> From: General [mailto:general-boun...@lists.tizen.org] On Behalf Of Olivier
> Nyssen
> Sent: Tuesday, April 04, 2017 12:19 AM
> To: Tizen General Mailing List <general@lists.tizen.org>
> Subject: [Tizen General] Security
>
> Hello,
>
> An interesting article about Tizen:
> "It may be the worst code I've ever seen," he told Motherboard in advance of
> a talk about his research that he is scheduled to deliver at Kaspersky Lab's
> Security Analyst Summit <https://sas.kaspersky.com/> on the island of St.
> Maarten on Monday. "Everything you can do wrong there, they do it. You can
> see that nobody with any understanding of security looked at this code or
> wrote it. It's like taking an undergraduate and letting him program your
> software."
> https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities
>
> Regards,
> Olivier

--
Carsten Haitzler (The Rasterman) <ti...@rasterman.com>