> To the person that said most modern clients are smart enough to change UID
> before accepting user input, I have to ask, how many times have you had to
> upgrade sendmail, bind, ftpd, popd, imapd, rstatd, rlockd, portmap, ....
> because of buffer overflow exploits that keep popping up?
One question always comes to my mind when I read those security
advisories (especially when they deal with software which has
`security' on its feature list): Why are people using C for project
which explicitly aim at security, although experience has shown that
it is extremly difficult to write secure software in C? Why don't they
use a programming language in which buffer overflows cannot happen?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/