Great Circle Associates Firewalls
(August 1995)
 


Subject: Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd)
From: bret @ real . com (Bret McDanel)
Date: Tue, 29 Aug 1995 14:54:30 GMT
To: firewalls @ greatcircle . com

> Here is what I mean when I say if it is unix it is a sieve...
> 
> 
[Entire 8lgm advisory deleted]

Well, I think that the problem is that too many people aren't taught proper
programming to begin with..  Almost every hole that has come out in the last
2 or 3 years is because people that wrote programs assume that all data is
good..

This hole that was mentioned was a prime example of that..  All data is valid,
so don't check for size..  If programmers start assuming that all data is
invalid, until proven valid, then security will be a lot easier to manage..

The idea of 'error checking' implies that you check for errors, not checking
for validity..

Just my opinion..

