Re: Privilege-escalation attacks on NT-based Windows are unfixable
From: Edward Elliott (nobody@127.0.0.1)Date: 08/23/02
- Next message: Barry Margolin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Previous message: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- In reply to: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Next in thread: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Edward Elliott <nobody@127.0.0.1> Date: Fri, 23 Aug 2002 20:16:45 GMT
Alun Jones wrote:
> Then, too, there's the argument that strcpy is not a flaw in the language - if
> you have a function that's documented to scan for the first null-byte, and
> copy everything up to and including that byte into the destination, then you
> should, as a secure programmer, be aware that every time you call strcpy, you
> must have checked the destination is big enough to hold it! If strcpy didn't
> exist, someone would invent it, and the problem would still exist. Trying to
If strcpy didn't exist, everyone would use strncpy which is safer.
Indeed strcopy is not a fault in the language, but it is a fault in the
standard library.
-- Edward Elliott
- Next message: Barry Margolin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Previous message: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- In reply to: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Next in thread: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Reply: Alun Jones: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
