Re: Re : Bounds-checking gcc ..
From: Dan Cross <tenser(at)spitfire.ecsel.psu.edu>
Date: Wed Feb 19 1997 - 02:54:30 EST
Oh, I disagree. A partial solution is *worse* than a complete or no solution approach. One of the most often cited and most valid complaints against firewalls is that they buy you a false sense of security. Security should be end-to-end; if it's not, then you're doing something wrong.

What's the point of all of this, anyway? To simplify the security aspects of setuid programs? That would be much better accomplished by providing a standard set of routines in a library (libsetuid, anyone?) for doing things like scrubbing the environment, safely reading in, copying, and tokenizing strings, etc., and then making it a convention to call those routines in setuid programs.

As for redesigning the operating system, well, isn't that what the AT&T guys did with Plan 9 and Brazil? ``Not only is UNIX dead, but it's starting to smell bad...'' <-- Rob Pike.

> This is getting off topic.. I am not suggesting that we do any of this

For this one, I suggest we take the ``no solution'' approach, and then work towards a standard set of library routines which are useful for handling common tasks inside setuid programs.

Oh, btw. Two or 20 messages back, someone brought up the issue of adding ``non-standard'' functions to the libraries. I wanted to address that then, but I got really swamped here (which is why the secure audit has fallen behind my own personal schedule. Mark, have you gotten anything cool yet with the international stuff? :-) That individual (I'm sorry, I can't remember who it was, and I want to get out of here and go home, so I'm not going to look. My apologies) brought up some really good points.

But I think that it's important to remember that the functions which appear in the standard *now* do so because they were in common use somewhere before the standard came to be. My point? Well, if we add some of these needed-but-not-there-and-not-standard functions NOW, they stand a pretty good chance of making it into the standard later. If we're doing things correctly (which is my big gripe when people declare main as void main(void). Argh. It's incorrect.), then we have a very good basis for adding new functionality to the system, that will more than likely be incorporated into the various standards later.

What do folks think about this? I'm really interested, especially on this point.
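As an added illustration (not code from this thread or from any "libsetuid" that existed), here is a sketch of the kind of helper routines the post above proposes: an environment scrubber that keeps only allow-listed variables with printable values, a bounded string copy that reports truncation, and a bounded in-place tokenizer. All function names, the allow-list, and the sample environment are constructed for the example.

```c
/* Added example, not code from the original thread: a sketch of the kind of
 * "libsetuid"-style helpers the post proposes (environment scrubbing, bounded
 * string copy, bounded tokenizing). All names here are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Variables a setuid program is willing to inherit; everything else
 * (PATH, IFS, LD_PRELOAD, ...) is dropped. Constructed allow-list. */
static const char *const safe_env_names[] = { "TZ", "LANG", NULL };

/* Copy src into dst (dstsize bytes), always NUL-terminating.
 * Returns strlen(src) so the caller can detect truncation by comparing
 * the result against dstsize. */
size_t safe_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0)
        return n;
    size_t copy = n < dstsize - 1 ? n : dstsize - 1;
    memcpy(dst, src, copy);
    dst[copy] = '\0';
    return n;
}

/* Return 1 if a "NAME=value" entry has an allow-listed NAME and a value made
 * only of printable characters (no newlines or control bytes), else 0. */
int env_entry_ok(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;
    size_t namelen = (size_t)(eq - entry);
    int allowed = 0;
    for (const char *const *p = safe_env_names; *p != NULL; p++) {
        if (strlen(*p) == namelen && memcmp(*p, entry, namelen) == 0) {
            allowed = 1;
            break;
        }
    }
    if (!allowed)
        return 0;
    for (const char *c = eq + 1; *c != '\0'; c++) {
        if (!isprint((unsigned char)*c))
            return 0;
    }
    return 1;
}

/* Filter an environ-style array `in` into `out` (room for outmax pointers,
 * including the terminating NULL). Returns the number of entries kept. */
size_t scrub_env(char *const *in, const char **out, size_t outmax)
{
    size_t kept = 0;
    if (outmax == 0)
        return 0;
    for (; *in != NULL && kept + 1 < outmax; in++) {
        if (env_entry_ok(*in))
            out[kept++] = *in;
    }
    out[kept] = NULL;
    return kept;
}

/* Split a writable string in place on any of the delimiter characters,
 * storing at most outmax token pointers. Empty fields are skipped.
 * Returns the number of tokens stored. */
size_t tokenize(char *s, const char *delims, char **out, size_t outmax)
{
    size_t n = 0;
    while (n < outmax) {
        s += strspn(s, delims);          /* skip leading delimiters */
        if (*s == '\0')
            break;
        out[n++] = s;
        size_t len = strcspn(s, delims); /* token runs to next delimiter */
        if (s[len] == '\0')
            break;
        s[len] = '\0';
        s += len + 1;
    }
    return n;
}

int main(void)
{
    /* Constructed sample environment as a setuid program might inherit it. */
    char *sample[] = { "PATH=/tmp:.", "TZ=UTC", "LD_PRELOAD=/tmp/x.so",
                       "LANG=C", "TZ=bad\nvalue", NULL };
    const char *clean[8];
    size_t kept = scrub_env(sample, clean, 8);
    for (size_t i = 0; i < kept; i++)
        printf("kept: %s\n", clean[i]);

    char buf[8];
    if (safe_strcpy(buf, sizeof buf, "hello world") >= sizeof buf)
        printf("truncated to: %s\n", buf);

    char line[] = "user:x:1000:/home/user";
    char *fields[8];
    size_t nf = tokenize(line, ":", fields, 8);
    printf("%zu fields, last = %s\n", nf, fields[nf - 1]);
    return 0;
}
```

The scrubber deliberately works as an allow-list rather than a deny-list: a setuid program cannot enumerate every variable a loader or shell might honour, so the safe default is to keep nothing it has not explicitly decided to trust. The copy routine follows the convention of returning the full source length so callers can check for truncation with a single comparison instead of silently carrying a cut-off string forward.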
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:41:02 EDT