I have to believe that Mr. Fir E. Walls must have been trolling for a
fight when he started this thread.
Your question focused on how commercial firewall vendors are doing
bounds checking, and in particular, you said "Firewall software should,
in my opinion, be checked and certified by the vendor to not have the
possibility of smashing the stack. This is not expensive and does will
not ad significantly to the product."
Last time I checked, self-review of your own code did not qualify as
certification of anything. Independent review, on the other hand, did.
Since independent review needs to adhere to some sort of standard to be
of any use whatsoever, referring to the Rainbow series of trust levels
only makes sense (for now). With that in mind, it isn't until you get to
B-level that you introduce any significant code review whatsoever, and
therefore it has to be considered the minimum.
So when Karen (and I believe she is a she, not a Sir, btw) makes mention
of the various systems which comply with this you seem to think she's
advocating some ridiculous thing?? If we're going to play by your rules
(which you didn't lay out in the first place), then we are presumably
going to have to find a third party mechanism for certifying code
without using the commonly accepted guidelines. Fine, but would you mind
telling us who you would propose to do this testing? and where we can
find the white papers on the testing methodology you would consider
acceptable? and why you trust this new third party in the first place?
You may think you speak for the trodden-on comrades, but I tend to
disagree. Last time I checked, very few Mom and Pop ISPs were even
interested in putting up a Firewall to protect themselves. They're
typically seeking every bps they can find out of their connections and
not terribly interested in burdening themselves with either the
administration or latency that a Firewall would introduce. You got any
statistics to uphold your claim that this is not the case?
As for Mr. and Mrs. Small Business, sure, I agree fully that they do not
want to spend one cent more than they absolutely have to on their
servers/software, but then its also true that they will spend whatever
they have to in order to get the functionality they need. Both
statements are generalizations that hold little value.
So if certification to a sufficient trust level to ensure that proper
code review is not an acceptable answer to your question as to how do
vendors prevent their stacks from being smashed, what is?
R.C. Consulting, Inc. - NT/Internet Security