Date: Thu, 3 Jan 2002 20:49:14 +0200 From: Nevermind <never@nevermind.kiev.ua> To: Rob Andrews <rob@cyberpunkz.org> Cc: freebsd-security@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG Subject: Re: libsafe? Message-ID: <20020103204914.A43401@nevermind.kiev.ua> In-Reply-To: <200201021319.35424@cyberpunkz.org>; from rob@cyberpunkz.org on Wed, Jan 02, 2002 at 01:26:25PM -0600 References: <200201021122.27596@cyberpunkz.org> <200201021319.35424@cyberpunkz.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Rob Andrews! On Wed, Jan 02, 2002 at 01:26:25PM -0600, you wrote: > and yes I realize libparanoid is in the ports. Note the differences between > libsafe and libparanoid.. (sorry I've gotten a few replies and yes I know > about it. but its not similar in _how_ it handles doing the same thing that > libsafe is doing) I've talked to Snar(@paranoia.ru) few days ago here, and he explained me why his approach is better then trying to handle "correctly" such things. I suppose when your app is being attacked with some of buffer overflow or anything else similar to it, it is better to shutdown to prevent any further attempts and report failure to administrator rather then not knowing that app is vulnerable to buf.overflow. Also, you cannot be absolutely sure of any way of "correct" handling such situation. P.S. 2 snar: please, correct me if I wrong. -- NEVE-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020103204914.A43401>