Secure Programmer: Keep an Eye on Inputs 157
An anonymous reader writes "This article discusses various ways data gets into your program, emphasizing how to deal appropriately with them; you might not even know about them all! It first discusses how to design your program to limit the ways data can get into your program, and how your design influences what is an input. It then discusses various input channels and what to do about them, including environment variables, files, file descriptors, the command line, the graphical user interface (GUI), network data, and miscellaneous inputs."
Windows & Belkin (Score:1, Interesting)
This unpredictable event seems to screw with programs when the ram is low.
Also, those microsoft security holes we have seen in the past year of 2003 are no confidence to M$ security.
Lastly, Belkin routers are no good for security. AFter all, they hijack your http requests and direct you to somewhere you didnt want to go!
Grump.
Re:Windows & Belkin (Score:5, Insightful)
You could probably majorly screw up a progoram by sending it random message numbers. It'd react as if you were sending random menu and other commands. Hmm, that sounds like a fun prank to play...
Re:Windows & Belkin (Score:3, Informative)
Re:Windows & Belkin (Score:1, Insightful)
Well, not quite. There are ways of isolating programs, but it's very rarely useful. (In fact, I've never done it, but I know it's possible.)
But why bother with all that when you can just install a system-wide hook? It's quite easy to actually inject code into another process. Once you've got that you can muck with data or intercept system calls to your heart's delight.
What it comes down to is that if you d
Re:Windows & Belkin (Score:3, Informative)
Accourding to http://security.tombom.co.uk/shatter.html [tombom.co.uk] it is much worse than just that. Not only can anyone send such a message, but the messages can even force the receiver to execute arbitrary code.
Re:Windows & Belkin (Score:2)
Re:Windows & Belkin (Score:1)
If you input ever displays as HTML (Score:2, Insightful)
Re:If you input ever displays as HTML (Score:5, Insightful)
New developers working on applications open to the internet often aren't used to developing in an evironment where programmers that don't work for their employer can access their app. All it takes for one dishonet person who knows slightly more than you to hack your app.
Re:If you input ever displays as HTML (Score:5, Informative)
So true, so true. For example (in PHP)
<?
if ($login='Admin' && $pass='19ak129')
$secure=true;
if ($secure)
{
}
?>
In many cases this script's security could be bypassed by adding "&secure=true" at the end of the URL!
I prefer to generate or define a set of values that are acceptable and check with in_array().
EG:
<?
$acceptable=array('a', 'b','na');
if (!in_array($acceptable, $_REQUEST[check]))
die ('Sorry. Input in field "check" is invalid');
?>
Or by using a regex. Assume that the input must be a number:
<?
$match="/[0-9]+/";
if (preg_replace($match, '', $_REQUEST[number]))
die ('You must put in a number');
if (strlen($_REQUEST[number]>5))
die ('Number you have entered is out of range');
?>
You can oftentimes functionalize these so that it's as simple as:
<?
if ($error=Valid_Integer($_REQUEST[number]))
die($error);
?>
Simple methods that can greatly enhance security!
Re:If you input ever displays as HTML (Score:3, Informative)
I guess the moral of the story is that the web is young, and web platforms are even younger. With any luck, many of th
Re:If you input ever displays as HTML (Score:2, Informative)
Saving stuff in a database... SAFELY. (Score:2)
Since addslashes() is only truly useful when magic_quotes are off, I wrap it all in a function that checks the status of magic_quotes. Defined as something like:
dbprep($string, $length=-1);
So that if $length>0 the input cannot be longer than $length.
I do the same for databased output, EG: dbout().
Combine addslashes with a few others, such as htmlentities(), and perhaps a regex or something to check for [a-zA-Z0-9], and you have *very* powerful input validation.
Am I missing s
Re:If you input ever displays as HTML (Score:4, Informative)
Use placeholders. PEAR DB supports them, as do other database abstraction layers. As long as you _always_ use placeholders you will be safe against SQL injection.
If you can't depend on PEAR DB (or similar) to be installed / at the correct version, you could quickly build yourself a function that takes a variable number of arguments: a SQL statement containing '%s' (for strings) or %d (for numerics) followed by potentially hostile arguments. Run each of the arguments through mysql_escape_string (or equivalent for your DB) then build your SQL statement using sprintf. Note: I haven't tested that approach; use with caution.
Re:If you input ever displays as HTML (Score:3, Interesting)
The option to register global variables is off by default since PHP 4 and for a very good reason: it's potentially insecure, as you demonstrated, and it also creates very sloppy code. Ever tried to debug a program you haven't written that uses those? You get variables that have never been declared being used, and it can be a pain to determine where exactly they come from. From an included file? $_POST? $_GET? Then you can get conflicta and it becomes an horrible mess - I can't understand why register_global
Re:If you input ever displays as HTML (Score:1)
Use $_GET,$_POST,$_COOKIE,$_SESSION, etc. They're your friends. No more URL-hacking fun.
Re:If you input ever displays as HTML (Score:3, Informative)
<?
unset($secure);
if ($login='Admin' && $pass='19ak129')
$secure=true;
if ($secure)
{
}
?>
Re:If you input ever displays as HTML (Score:2)
In a controlled network environment in which the cost of tampering with the data is relatively small the most important requirement is traceability - if somebody breaks in you just fire them. On the other hand, if an internal hacker can
And code reviews, code reviews, code reviews (Score:5, Insightful)
Re:And code reviews, code reviews, code reviews (Score:2)
Re:And code reviews, code reviews, code reviews (Score:1)
The more things change.... (Score:5, Insightful)
The article's worth reading, and really does justify it's "Level: Intermediate" label. Unlike when I was learning to program, there are lots of sources of input beyond your deck of punch cards (:-), and the author does a good job of explaining many of them, such as evil things that environment variables and file descriptors can be used for.
Re:The more things change.... (Score:3, Insightful)
eg. Manager says, write a UI that accepts username & account, and then spits out user transactions . During design phase, you invariably make the code hack-able so its easy to test. ie. I could put in "*" for account and it would spit out transactions of ALL users, regardless of the username. This is a useful backdoor, especially in development tim
Re:The more things change.... (Score:3, Informative)
Re:The more things change.... (Score:2, Insightful)
What amazes me is that people try to optimize thier code by carefully minimizes thier input fuction. It is input. Input is slow. Go somewhere else to optimize. Create a good input fuction and leave it
Re:The more things change.... (Score:2)
I'd say you had few problems because unlike so many in this business, you actually fathom the concept of validation, and know how to use C without letting it walk all over you. I don't know why that's difficult but apparently it is...
Shooting yourself in the Foot in C (Score:2)
The problem is that too many people aren't sufficiently careful, including the people who wrote the gets() I/O subroutine, so their Internet implementations typically resemble large quantities of foot-sized bright-colored bull's-eye signs marked "YOURS ARE HERE" and large numbers of guns and bullets of various sizes distributed to lots of
Re:The more things change.... (Score:3, Funny)
Besides - leaving some small holes in your code guarantees future work - which is hard to come by in this day and age.
No inputs = useless? (Score:2)
Not necessarily. What about a program which calculates pi or runs some kind of simulation? The 'input' is in the form of constants compiled into the executable. Technically there is no input, but the program is hardly useless.
Re:No inputs = useless? (Score:2)
Ok, so maybe he failed to specify that such a program would be *relatively* useless.
What good is a program that calculates pi if you cannot specify how many digits?
What good is a simulation if you cannot specify which parameters to use, and how long you want to run it?
Answer: not very good
Re:No inputs = useless? (Score:1)
Re:No inputs = useless? (Score:1)
Re:No inputs = useless? (Score:1)
Output implies input (Score:1)
A monitor can be very useful without ever getting input from another process
Where to write output is itself input, which comes ultimately from another process, through redirection of file descriptors or through chroot() of the file system.
Re:Output implies input (Score:1)
Re:No inputs = useless? (Score:1)
Re:No inputs = useless? (Score:2)
What good is a simulation if you cannot specify which parameters to use, and how long you want to run it?
That information can be contained inside a constant and compiled into the final executable.
Re:No inputs = useless? (Score:2)
Can, yes, can. But they wouldn't be very useful.
Re:No inputs = useless? (Score:2, Informative)
Can, yes, can. But they wouldn't be very useful.
Not very useful? Here are examples which require no input and which I think are useful:
- a cpu meter (no input, just system calls).
- an aquarium simulation screen saver.
- one-off applications which produce a static output from hard-coded input.
- complex mathematical calculations
- true, false, bg, fg, ps, top, logout commands/utilities in Linux
- a clock display app
Re:No inputs = useless? (Score:2, Insightful)
Re:No inputs = useless? (Score:2)
Yes, I completely agree. But the article also says that program which do not take any input are useless. It is *my* point to refute this claim.
The cpu meter, bg, fg, ps, top, logout, and clock programs all take input, in the form of system and library calls.
What do you propose? That software developers don't even trust the system calls of the
Re:No inputs = useless? (Score:1)
What do you propose? That software developers don't even trust the system calls of the OS they are running on?
You can certainly trust most system calls, but one of the things the article mentioned was an attacker closing the std{in,out,err} file descriptors before execve(2)'ing your program. So on some systems, when you open(2) a file, you'd get the same han
DRM? (Score:1)
You can certainly trust most system calls
What if I'm writing a program to display a work under copyright or trade secret restriction? How can I be sure that the system calls haven't been patched with the cooperation of the owner of the machine to leak the work to a third party?
Re:DRM? (Score:2)
What if I'm writing a program to display a work under copyright or trade secret restriction? How can I be sure that the system calls haven't been patched with the cooperation of the owner of the machine to leak the work to a third party?
You can't be sure that someone hasn't tampered with the machine. I don't think this is in the realm of what normal applications should have to worry about.
Nonetheless, if you do have trade secrets and you are worried about them
perl -T says it all (Score:3, Interesting)
Re:perl -T says it all (Score:5, Informative)
There are other harmful things that data can wind up doing that Perl can't check for. Things like being used as SQL queries, or the classic "pass the price as a CGI parameter" mistake. Taint checking is more useful as a reminder that you need to validate input than a way of keeping potentially bad input isolated.
Re:perl -T says it all (Score:1)
In conjunction with the -T switch, you can also use the DBI placeholder methodology, which takes care of SQL-injection vulnerabilities:
# isolating relevant Perl code
@row_data = $database_handle->selectrow_array( 'SELECT * FROM customers_table WHERE lname=? AND email=? LIMIT 1', undef, $input1, $input2 );
$statement_handle = $database_handle->prepare( 'INSERT INTO customers_table (lname,email) VALUES (?,?)' );
$statement_handle->execute( $input1, $inp
Re:perl -T says it all (Score:1)
This isn't just a Perl problem, its a problem with any language.
Things like being used as SQL queries
I don't see why people get so bunged up about SQL injection attacts. The main reason they're effective is because so few developers know the right way to move data between their programs and sql queries. There's a very simple solution to this problem that can be used in Perl and just about every language I've ever s
Re:perl -T says it all (Score:2)
Good time to mention magic_quotes_gpc [php.net] and register globals [php.net] as well.
Of courses none of these are a replacement for good programming practises in the first place. magic_quotes can get annoying if you do filter input properly as it's easy to end up with double escaped strings (e.g \\\'test\\\' instead
Re:perl -T says it all (Score:2)
The fact that features like addslashes, magic quotes and register globals exist show little thought goes into PHP's design.
Your input filters should be designed to filter data so that your _program_ can cope with it, NOT so that other programs can cope with it.
After your program processes the input, you use the necessary _output_ filters for each different output so that other programs can c
Re:ASP -t doesn't say jack (Score:2)
DB quoting/filtering should be left to the Database API.
What like using seperate commands for different [php.net] databases [php.net]. You can look the rest up yourself, I'm bored of reading the PHP manual for other people.
Register globals is there to allow backwards compatibility. Everyone, especially php.net, shout from the hills about how insecure it is and how it shouldn't be
Re:ASP -t doesn't say jack (Score:2)
That's not what I'd call a database API. That's pretty silly and error prone. Take a leaf from JDBC or Perl DBI, etc, or come up with something better, not worse.
PHP should at least have a DB API that supports bind vars or placeholders. Or some other API so that data is automatically escaped the way it should be, and the risk of data being treated as commands is low/nil and it is easier to audit and find uncompliant DB related code. If the PHP dev
Re:ASP -t doesn't say jack (Score:2)
Personally I use a tiny SQL class that can be changed to allow different db to be used. Seems a tidier solution since the class is only about 20 lines.
Can't argue that register globals was a bad idea in the first place, but allowing users to still run older software needing it is a good idea. Shame they keep breaking other major functions in minor version increments though really, kinda makes keeping the stupid fun
Re:ASP -t doesn't say jack (Score:2)
Breaking major functions in minor version increments is another sign of how serious the PHP devs treat PHP. Not very reassuring - esp if you need to update PHP for say a security issue (we had to do a few of those). Only a few people will have tests for their entire code, and even then you never really know and have to g
Re:perl -T says it all (Score:2)
Taint checking isn't perfect, may have bugs in its implementation, and can't cover all possible cases. Taint checking is a wonderful tool, but it should only be one layer in a multi-layered defense. Don't view it as
Re:perl -T says it all (Score:1)
Other languages have tainting also. My favorite being Ruby, which not only has taint checking, but can also have different levels of tainting depending upon your security needs. Besides which I'm not sure how 'req
Murphy's Law strikes again. (Score:5, Insightful)
Just a little advice from a developer who's made enough mistakes to know better.
Re:Murphy's Law strikes again. (Score:2, Funny)
You do not have any children, now do you? ;-)
Re:Murphy's Law strikes again. (Score:3, Insightful)
That's good and necessary advice, but it's not sufficient, depending on your environment. If you're programming for the web, then you absolutely cannot rely on such things. Of course you should always set such constraints in the HTML where possible, but you *still* have to validate the inputs fully in your code.
In case the reason why isn't obvious, it's because URLs are very easy to hand craft. There's no way
Have a no-front-end-checking mode (Score:2)
Re:Have a no-front-end-checking mode (Score:2)
Basically, we have interface developers who take the Photoshop images that the designers/art directors produce, and use them as a blueprint to create the HTML pages. They also produce any javascript that we do use
Re:Have a no-front-end-checking mode (Score:3, Insightful)
That's a good point. I have seen developers mistake javascript for sufficient input validation. The proper use of validation in javascript is to simply give a legitimate user a proper error message quickly without actually needint to perform a transaction with the server that will fail. The server must still re-validate the input.
Re:Murphy's Law strikes again. (Score:2)
So you must allways assume that even if you used javascript that something may be a problem with input data. One must always check the input in the server side cause one never know what a evil computer using criminal might send in.
Too many use javascript for validation even hough it's useless for it. One always have to do validation in the server end any
Re:Murphy's Law strikes again. (Score:4, Insightful)
Software is required to do a lot more than any physical security measure in existance. Your webserver could come under attack by any electronic measures that you could conceive of by a host of trained software engineers in another country. Chances are that the most a bank vault is designed to handle is a dozen guys with small arms, rudimentary safe-cracking gear, and some small explosives. If the US Army showed up with an M1 tank and 1000 tons of C4, the safe wouldn't last long. However, such a large-scale intrusion is unlikely to escape the watch of the police for long. On the other hand, a remote attack against a webserver can run for months without much being done to the attackers if they're in a rogue nation.
hardly surprised that we have to go through this.. (Score:2, Insightful)
And why should anyone be surprised? In this age of "I read a book on VB last week and now I'm a software engineer!" type environment?
I am not surprised that simple things like this are rehashed over and over. This is more suited to the programmer group of people who will sort data based on string comparisons, instead of learning how to use a real algorithm to do it, or keep writing static forms, instead of learning how to use a loop with a db backend - because they don't understand true programming c
Re:hardly surprised that we have to go through thi (Score:1)
This is IBMs ON DEMAND Strategy!
Re:hardly surprised that we have to go through thi (Score:2)
Why the f*** does somebody have to tell you that you need to validate input? Why the f*** isn't that obvious??? If that sort of thing isn't painfully obvious to you, you probably should be in a different line of work, educated or not.
Interesting article? (Score:1)
I just wrote a document about secure programming and I found dozens of better articles about the exact same things like: here [slashdot.org]
Addendum (Score:1)
Perl's taint checking (Score:5, Informative)
From the FAQ:
As we've seen, one of the most frequent security problems in CGI scripts is inadvertently passing unchecked user variables to the shell. Perl provides a "taint" checking mechanism that prevents you from doing this. Any variable that is set using data from outside the program (including data from the environment, from standard input, and from the command line) is considered tainted and cannot be used to affect anything else outside your program. The taint can spread. If you use a tainted variable to set the value of another variable, the second variable also becomes tainted. Tainted variables cannot be used in eval(), system(), exec() or piped open() calls. If you try to do so, Perl exits with a warning message. Perl will also exit if you attempt to call an external program without explicitly setting the PATH environment variable.
Re:Perl's taint checking (Score:1)
Re:Perl's taint checking (Score:3, Interesting)
Untainting a variable by extracting a subpattern usually means "I know what I'm doing: I promise that I'll extract a safe substring from this". (Whether the developer *actually* knows what they're doing is, sadly, not detectable by Perl).
(As for -T not affecting a list passed to exec()/system(): that does seem odd, but maybe there's some Larger P
Re:Perl's taint checking (Score:2, Informative)
The purpose of taint checking is more as a debugging tool than an absolute check on illegitimate data. This fits with the general Perl view that the function of the language is to assist the programmer rather than to constrain him. Thus if you turn on taint checking, Perl will stop you from doing things directly using tainted data, but it lets you "launder" the data by running it through a regexp. This isn't a perfect solution, but anything that was radically better would be all-but impossible to code.
Speaking of inputs. (Score:1, Funny)
Keep an eye on buffer overruns (Score:2, Informative)
Re:Keep an eye on buffer overruns (Score:1)
Re:Keep an eye on buffer overruns (Score:2)
Where do you suppose the data for a buffer overrun comes from? Malicious input!
Re:Keep an eye on buffer overruns (Score:1)
Re:Keep an eye on buffer overruns (Score:3, Insightful)
Eliminate the buffer overflow and malicious input becomes invalid data which can be dealt with in a controlled fashion rather than executable gibberish.
What seems obvious to some... (Score:2, Insightful)
Dividing (Score:3, Interesting)
Secure coding documentation (Score:2, Informative)
XML [cgisecurity.com]
Web (Score:1)
Re:Web (Score:2)
When you're developing web applications, you've got to deal with the input in a few ways to be sure you can trust it:
Do the user a favor and validate the input on their end using javascript.
Repeat the validation on the server. Yes, that's right, repeat it. They could have javascript turned off, or could be deliberately bypassing the validation.
When validating input, don't simply check that you're getting what you expect. Also confirm that you aren't getting
Very good writer! (Score:1, Insightful)
Watch the USER! (Score:3, Interesting)
The proliferation of proprietary formats we are seeing that all do basically the same thing, like send sound files over the net, or view video clips, are encouraging mass downloads of programs from third party providers. These programs may well do what they said they would do, but with all this DMCA crap going on, its getting harder and harder to see if they are doing a little extra that wasn't in the bargain, like doing zombie work on the side to assist in little capers the originating author needs to pull off.
What firewall or systems programming can stop a deliberately malicious program installed by an ignorant user? Say the program "demands" access to the internet for "verification/auto-update", then you have to set the firewall to allow this program access to the net. Now what happens? Its like giving car keys to a valet parking agent. You only have to trust he's only going to do what he says he will do. To add insult to injury, consider you generally have signed any recourse you have when you click that "I agree" button that confirms you have read and understood the EULA.
What irritates me so about these "plug-ins", "macros", and "scripts" is that they are indeed executable. Nothing says the malicious person coding these things is gonna follow the rules. He is free to code some really nasties in assembler if he so desires. The state of music file distribution I find really disturbing. We have an MP3 format which is generally well understood, yet it seems everybody jumping on the bandwagon wants to use proprietary formats which are not generally understood, leaving us all open to the risks resulting from ignorance.
As a public, we aren't helping much. We agree to any damn thing they print in the EULA. As a public, we should INSIST that if we are to be kept ignorant by law how something works, if that something does something malicious, then its maker should have full responsibility for the problems it generated.
Basically I am proposing a trade. If you want the protection of law to keep the public ignorant, then you waive indemnity.
We have a patent system and copyright system in place. Both were implemented on the concept that the work was to be in the open. Why aren't encrypted work also known as "trade secret" and not afforded protection by copyright or patent? Basically, any work encrypted would be considered a "trade secret", not in the open, hence not eligible for protection by the patent or copyright system at all? But to make this happen, its gonna take the will of a lot of people to pressure the legislators to enact this. Pressure as in "if you do not do this, start polishing your resume.".
Perl security article in SysAdmin magazine (Score:5, Informative)
Some concrete examples would have been nice (Score:2)
For example, when talking about being aware of \0 characters, you could mention something like this: a friend of mine once wrote a jukebox-like web application that allowed people to queue requests on his machine. There was a certain input parameter that was restricted t
This was well documented in the 1970's (Score:3, Insightful)
The issue is making *no* assumptions about anything. The programmer *thinks* the file will be written be another piece of code that a team member is writing. But that program has a bug. or three years from now, other programs are creating the file and don't know abut some verbal discussion about field data. It takes great dligence and paranoia and management that allows you the time in the schedule to do this.
OK, what do you do when you validate it? (Score:3, Insightful)
environment variables (Score:3, Funny)
The article is interesting, and they are right to point out the many dangers of relying on environment variables. Where I work (unidentified to protect the incompetent), programmers are not allowed access to the unix command line. Instead, all user exits are trapped, and programmers are forced to navigate through a homegrown menu system.
This menu system relies on an environment variable ${WHATCANIDO} to store a list of permissions available to that user. Of course, I changed my .profile to add my own extension to the permission list. I even nicely dated, initialed, and described my change. ;)
export WHATCANIDO=world_domination:$WHATCANIDO # 2000/10/31 tw Too easy
So now when I get frustrated with the absurdity of this arrangement, I just take echo the environment variable to remind myself why I'm right and they're wrong.
> echo $WHATCANIDO
world_domination: [deleted]
What about BIOS? Do you have to trust something? (Score:3, Insightful)
I don't argue against validating inputs. Certainly all of the direct inputs to an application should be assumed to be untrustworthy unless a secure checksum validates that the inputs are indentical to some previously validated inputs. Checking inputs (or environmental variables) of immediately adjacent processes is probably also warranted (as a redundant "brother's keeper" policy).
The real problem comes if the OS has a faulty validation methods. (And I won't get into the neccessity of trusting the hardware or bugs such as those that plagued the early Intel 586.00001 processors) If I check the validity of a user, filename, or geographically localized data format (e.g., a date), then my application is dependent on the quality of the OS's validator (and a lack of intervening malware).
Problem: Hacker Languages (Score:2, Interesting)
Almost everything in this article only applies because of hacker languages like C and C++, which Linux and FreeBSD use for virtually everything. It is so easy to forget to double-check bounds, input format, pointers, and all the other usual suspects. It's bizarre how programmers will use these error-prone languages for marginal performance gains just because their ego and haxor status is on the line. Sure, the kernel and drivers need to be in C. Sure, a Java VM needs to be in C. Sure, C++ is a good lan
Re:Problem: Hacker Languages (Score:4, Insightful)
What world are you living in? Blaming poor technique on the tool used is moronic. There are ample examples of poorly written, poorly secured Java code the invalidate all of the premises in this rant. I've seen hard coded passwords baked into java source that were visible through a 'strings' call. Someone forgets to obfuscate his or her classes, and the entire structure of the program is available through a reverse compiler. Sure, the JVM protects one from buffer overruns and the like but don't for one minute think that programming in Java prevents stupid errors from exposing you to vulnerabilities.
Not to mention there are areas where java is not the silver-bullet you describe. If you need precise control over your memory allocation, java is not the tool to use. If your application requires precise timing, java is not the tool to use. Need to control over the placement of allocated memory? Writing your own transport layer? Need hooks into the kernel?
The prime directive still holds true - use the correct tool for the job at hand. Follow the lemmings of "this tool is the only one you need" at your peril.
Re:Problem: Hacker Languages (Score:2)
An important difference between writing in C or some other unsafe language, and writing in Java/Perl or some other safer language is that, a simple mistake in the former tends to let the "attacker run arbitrary machine code of his own choice" whereas the latter tends not to.
Of course there will be "attacker runs arbitrary SQL code/etc" but these are at least at a higher level and can usually be handled with safe interfaces/APIs. Whereas C is full o
Re:file this under: (Score:2)
jesus christ on a pogo stick... somebody had to put this in an fsking security magazine?
Given that every single way to compromise security involves bad input, it's not surprising that it's in a security magazine.
Re:file this under: (Score:2, Interesting)
"Given that every single way to compromise security involves bad input, it's not surprising that it's in a security magazine."
What about program bugs that are not input related? If a program breaks when an internal timer overflows for example, or accessing a section of memory that has been deallocated. Such bugs can easily cause breaches in security as well as general system failure, all without any human intervention. It reminds me of the black out that Sterling mentions:
http://www.lysator.liu.se/etex [lysator.liu.se]
Re:file this under: (Score:2, Interesting)
The basic point is (translation: should be) self-evident, of course. And the points made in the article will (translation: should) be well-known to anyone who's spent a few years deploying apps in the DMZs that the Bigcorps use as their presence on the Big Bad Internet... but I found a few points in it and the referenced resources to add to my list as a beginner in that area.
Basic point, I suppose, is that if you insist on using a U*ix-family
Re:Huh? (Score:1, Offtopic)
Hint: Not Americans
Re:Hmmm... (Score:3, Funny)
Here is my input, here is my out.