Re: One for the Security Guru's

• Next message: hlein@progressive-comp.com: "Re: ARGH! (Is there an HTML archive for linux-kernel that patches work from?)"
• Previous message: Kasper Dupont: "Re: [CFT] kexec syscall for 2.5.43 (linux booting linux)"
• In reply to: Henning P. Schmiedehausen: "Re: One for the Security Guru's"
• Next in thread: Danny Lepage: "Re: One for the Security Guru's"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Oct 26, 2002 at 10:43:29AM +0000, Henning P. Schmiedehausen
wrote:

> But my point is, that these beasts normally don't run a general
> purpose operating system and that they're much less prone to buffer
> overflow or similar attacks, simply because they don't use popular
> software with known bugs (e.g. OpenSSL) or these functions (like
> doing crypto) are in hardware.

As someone who has worked on a couple of these which are presently on
the market I can assure you that many of these things have plenty of
'popular software' in them... albeit hacked up and mangled to bits at
times... but it's there, and often vulnerable to many of the same
problems you would have under Linux/Apache/whatever.

  --cw

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: hlein@progressive-comp.com: "Re: ARGH! (Is there an HTML archive for linux-kernel that patches work from?)"
• Previous message: Kasper Dupont: "Re: [CFT] kexec syscall for 2.5.43 (linux booting linux)"
• In reply to: Henning P. Schmiedehausen: "Re: One for the Security Guru's"
• Next in thread: Danny Lepage: "Re: One for the Security Guru's"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:35 EST