|
| From: | Tarik |
| Subject: | Bug error validation |
| Date: | Thu, 15 Jan 2004 12:21:54 +0100 |
|
Dear colleagues,
I how some doubts I want to comment with you all .
When information is received from an untrusted source it must be validated prior
to processing it. In the case of the aforementioned talkd hole, the daemon
should have made sure the path to the terminal file was indeed correct. This
could have been done by simply checking the password database, making sure the
ownership matched, and that the terminal path did indeed point to a terminal.
Later in the FAQ, the concept of the least privilege principle is explained, and
it would have worked wonders with the aforementioned security hole.
Many Thanks Tarik Computer Science Dep. Tanzania University
___________________________________________________________ Try Free Mail with http://www.mail-translator.biz best translator resources in Africa For Europe: [France] http://www.mail-translator.biz/France - [Germany] http://www.mail-translator.biz/Germany - [Italy] http://www.mail-translator.biz/Italy - [Portugal] http://www.mail-translator.biz/Portugal - [Spain] http://www.mail-translator.biz/Spain |
| [Prev in Thread] | Current Thread | [Next in Thread] |