Date: Thu, 09 Oct 2014 00:03:13 -0400
From: "David A. Wheeler" <dwheeler@...eeler.com>
To: oss-security@...ts.openwall.com,Michal Zalewski <lcamtuf@...edump.cx>
Subject: Re: Thoughts on Shellshock and beyond

I would take a functional approach to this: is there a way an attacker could send data that would be misinterpreted as code? If so, could that harm anything?

It is obviously much better if the communication does not use shared resources (like the environment). But this is all logical - in the end all of this is in the same memory. The goal is to maximize the separation enough so that attackers cannot misuse it.  The better the separation, the less risk later.
 

--- David A. Wheeler
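
The separation described in the message above, sketched as an added example that is not part of the original post: the same client-supplied text is handed to a child process once through the shared environment and once on stdin with an allowlisted environment. The allowlist, the child program, and the sample environment are assumptions constructed for illustration.

```python
import json
import subprocess
import sys

# Assumed allowlist of variables the child needs; everything else is dropped.
SAFE_ENV_NAMES = ("PATH", "LANG", "TZ")

# Hypothetical child program: reads request data from stdin and reports
# which request-derived (HTTP_*) variables reached its environment.
CHILD_CODE = """
import json, os, sys
data = sys.stdin.buffer.read()
leaked = sorted(n for n in os.environ if n.startswith("HTTP_"))
print(json.dumps({"stdin_bytes": len(data), "leaked_env": leaked}))
"""

def build_child_env(parent_env):
    """Return a new environment holding only allowlisted, operator-set names."""
    return {n: parent_env[n] for n in SAFE_ENV_NAMES if n in parent_env}

def run_child(untrusted, env):
    """Run the child with the given environment and untrusted bytes on stdin."""
    proc = subprocess.run(
        [sys.executable, "-c", CHILD_CODE],
        input=untrusted, env=env, capture_output=True, check=True, timeout=30,
    )
    return json.loads(proc.stdout)

# Constructed sample: a CGI-style parent environment in which one value
# was copied from a client-supplied header.
SAMPLE_PARENT_ENV = {
    "PATH": "/usr/bin:/bin",
    "LANG": "C",
    "HTTP_USER_AGENT": "client-controlled text",
}

def demo():
    body = SAMPLE_PARENT_ENV["HTTP_USER_AGENT"].encode()
    # Shared channel: untrusted text sits in the environment of the child.
    shared = run_child(b"", SAMPLE_PARENT_ENV)
    # Separated channel: untrusted text on stdin, environment allowlisted.
    separated = run_child(body, build_child_env(SAMPLE_PARENT_ENV))
    return shared, separated

if __name__ == "__main__":
    print(demo())
```

In the second run the child still receives the data, but nothing that parses the environment on startup ever sees it.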
