
Re: OpenSSH: What went wrong?



In some mail from Joseph W. Shaw II, sie said:
[...]
> I'm the last person to defend Theo, but I have to ask.  Has your code been
> audited for integer overflows yet?  Of course, you had the whole format
> string bug issue taken care of well before they became popular, right?

Since you've asked, I'll answer.  I didn't worry about the format string
problem when it became popular because I don't believe any of my code was
written in such a way that it was a problem.  As for integer overflows,
no, I haven't audited for them (I wouldn't expect to find any, either).
I have other, problems, to worry about instead that are generally less
easy to fix than these.

Darren