
Bug error validation

From: Tarik
Subject: Bug error validation
Date: Thu, 15 Jan 2004 12:21:54 +0100

Dear colleagues,
I have some doubts I want to comment on with you all. When information is received from an untrusted source it must be validated prior to processing it. In the case of the aforementioned talkd hole, the daemon should have made sure the path to the terminal file was indeed correct. This could have been done by simply checking the password database, making sure the ownership matched, and that the terminal path did indeed point to a terminal. Later in the FAQ, the concept of the least privilege principle is explained, and it would have worked wonders with the aforementioned security hole.

Many Thanks


Computer Science Dep.

Tanzania University
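
The three checks named in the message above (password database, ownership, path really is a terminal), as an added C example that is not part of the original post and is not taken from any talkd source. The function name `validate_tty`, the result enum, the `/dev/` prefix rule and opening the device for writing are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <pwd.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum tty_check { TTY_OK, TTY_BAD_PATH, TTY_NO_USER, TTY_OPEN_FAILED,
                 TTY_NOT_CHARDEV, TTY_NOT_TERMINAL, TTY_WRONG_OWNER };

/* Validate a terminal path received from an untrusted peer before using it.
 * On TTY_OK, *fd_out is an open descriptor for the device that was checked. */
enum tty_check validate_tty(const char *user, const char *path, int *fd_out)
{
    /* 1. Shape: must live under /dev/ and must not climb out of it. */
    if (strncmp(path, "/dev/", 5) != 0 || strstr(path, "..") != NULL)
        return TTY_BAD_PATH;
    /* 2. Password database: the claimed user must exist. */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return TTY_NO_USER;
    /* 3. Open once, refusing a symlink as the final component, then run every
     *    check on the descriptor so the file cannot be swapped afterwards. */
    int fd = open(path, O_WRONLY | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0)
        return TTY_OPEN_FAILED;
    struct stat st;
    enum tty_check rc = TTY_OK;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode))
        rc = TTY_NOT_CHARDEV;      /* regular files, directories, FIFOs */
    else if (!isatty(fd))
        rc = TTY_NOT_TERMINAL;     /* character device, but not a tty */
    else if (st.st_uid != pw->pw_uid)
        rc = TTY_WRONG_OWNER;      /* terminal belongs to someone else */
    if (rc != TTY_OK) { close(fd); return rc; }
    *fd_out = fd;
    return TTY_OK;
}

/* Usage: ./a.out <user> <tty-path>; exit status is the enum value. */
int main(int argc, char **argv)
{
    int fd = -1;
    if (argc != 3) return 2;
    enum tty_check rc = validate_tty(argv[1], argv[2], &fd);
    if (rc == TTY_OK) close(fd);
    return rc;
}
```

The caller should write through the returned descriptor rather than reopening the path, so the checks and the use refer to the same file.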




