Re: [fw-wiz] SANS Top Ten and Commercial Firewalls

From: Ryan M. Ferris
Date: 10/03/02

From: "Ryan M. Ferris" <>
To: "m p" <>, "Anton A. Chuvakin" <>
Date: Thu Oct  3 18:24:01 2002

An interesting variant on this is the DARPA sponsored Linux compiler that
compiles software (including Linux) without some of the known security
loopholes found in ordinary C compilers:

This is probably no substitute for careful validation and verification of
the code with respect to security guidelines (i.e. NIST common criteria,
etc.), however it is another good tool to prevent the deployment of insecure

Without extensive black box testing, I don't know how you would do this on
software for which you don't have the source.

Ryan M. Ferris

----- Original Message -----
From: "m p" <>
To: "Anton A. Chuvakin" <>
Cc: <>
Sent: Thursday, October 03, 2002 10:42 AM
Subject: Re: [fw-wiz] SANS Top Ten and Commercial Firewalls

> --- "Anton A. Chuvakin" <> wrote:
> > Devdas and all,
> >
> > Just out of curiosity.
> >
> > >proftpd, vsftpd, pureftpd
> > >...
> > >Postfix/Qmail
> > >...
> >
> > Is there any evidence that helps decide whether it's more secure because
> > it's written better or because it's used less?
> >
> Hi Anton,
> there are programs out there which were written with security in mind. As
> are postfix, qmail, djbdns, daemontools, tcpwrappers, ....
> Those are believed to be secure (and checked/reviewed) by many people.
> The argument "because it is used less" should be carefully mentioned. Now
> Netware is seldom used - but as shown at the Black Hat conference in Vegas
> this year there are many ways to gain more access than what you were granted
> Marc

  • Re: volatile in statements (memset_s)
    ... to tell compiler not to remove or move the following statement. ... Optimization in general does not necessarily work by removing or moving statements; it may involve complicated transformations such as turning a single variable with a longer lifetime into multiple separate variables with much shorter lifetimes; getting rid of some of them altogether; assigning multiple separate variables to the same register or memory location; and a lot of possible other stuff, some of it much less tangible. ... Security is different: security lives in an other world, ... lot more assumptions on real architecture. ...