|Subject:||Bug error validation|
|Date:||Thu, 15 Jan 2004 12:21:54 +0100|
I have some doubts I want to comment on with you all. When information is received from an untrusted source it must be validated prior to processing it. In the case of the aforementioned talkd hole, the daemon should have made sure the path to the terminal file was indeed correct. This could have been done by simply checking the password database, making sure the ownership matched, and that the terminal path did indeed point to a terminal. Later in the FAQ, the concept of the least privilege principle is explained, and it would have worked wonders with the aforementioned security hole.
Computer Science Dep.
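
As an added example (not part of the original message or the text it discusses), here is one way a daemon could perform the three checks named above in C: password database lookup, ownership match, and confirmation that the path is a terminal. The function name `open_user_tty`, the result codes, and the restriction to paths under `/dev/` are assumptions made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes; names are hypothetical, chosen for this example. */
enum tty_check { TTY_OK, TTY_BAD_PATH, TTY_OPEN_FAIL, TTY_NOT_TERMINAL,
                 TTY_NO_USER, TTY_WRONG_OWNER };

/* Validate an untrusted terminal path claimed to belong to `user`.
 * On TTY_OK, *fd_out holds a descriptor open for writing. */
enum tty_check open_user_tty(const char *user, const char *path, int *fd_out)
{
    struct stat st;
    struct passwd *pw;
    enum tty_check rc = TTY_OK;
    int fd;

    *fd_out = -1;
    /* Accept only paths under /dev/ and reject any ".." sequence. */
    if (strncmp(path, "/dev/", 5) != 0 || strstr(path, "..") != NULL)
        return TTY_BAD_PATH;
    /* Open once and inspect the descriptor, so the file cannot be swapped
     * between check and use. No symlinks, no blocking, no controlling tty. */
    fd = open(path, O_WRONLY | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0)
        return TTY_OPEN_FAIL;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode) || !isatty(fd))
        rc = TTY_NOT_TERMINAL;          /* not a terminal device */
    else if ((pw = getpwnam(user)) == NULL)
        rc = TTY_NO_USER;               /* not in the password database */
    else if (st.st_uid != pw->pw_uid)
        rc = TTY_WRONG_OWNER;           /* terminal belongs to someone else */
    if (rc != TTY_OK)
        close(fd);
    else
        *fd_out = fd;
    return rc;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc != 3) { fprintf(stderr, "usage: %s USER TTYPATH\n", argv[0]); return 2; }
    return open_user_tty(argv[1], argv[2], &fd) == TTY_OK ? 0 : 1;
}
```

The checks run against the opened descriptor with `fstat` rather than against the path name, so the result describes the object that will actually be written to.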