Fw: [ale] Linux: Secure and Limits? - somewhat off topic

[Frank Zamenski]

Thanks Jim, I appreciate your comments, and those of all the others whom
took the time to reply. I've a better appreciation of the problem as a
result.

Frank

----- Original Message -----
 From: Jim Lynch <jwl at sgi.com>
To: Frank Zamenski <fzamenski at voyager.net>
Sent: Tuesday, November 16, 1999 1:46 PM
Subject: Re: [ale] Linux: Secure and Limits? - somewhat off topic


> Buffer overflows occur when you (as a programmer) do something stupid
> like reading input from an untrusted source into an array in memory
> without placing a upper bound on the amount of data that you are
> reading.  It turns out that is easy to do in the C language.  A number
> of programs have been written in the past that suffered from this
> problem.  Many if not most have been fixed.  "Why would this cause a
> security problem?" you might ask.  'cause some smart fella figured out
> what was in memory beyond the end of the buffer you just overflowed and
> wrote something there that would benefit him, or hurt you.
>
> As programmers get smarter and tools more sophisticated, this problem
> will probably go away.
>
> Jim.
>
> Frank Zamenski wrote:
> >
> > Sorry, I'm just an IS network operations person (as well as being a
> > non-programmer other than having some very basic pgmg courses at the
A.A.S.
> > level, most of which I've allready forgotten due to non-useage but
mainly
> > for also having a low aptitude for). What are 'buffer overflows' and how
are
> > these exploited? Not looking to cause mischief, that's below my ethical
> > standards and way beyond my capabilities anyway, just noting that these
> > kinds of sploits in general seem commonplace amongst all Intel OS
platforms,
> > and I'm desiring some better understanding from the bright programming
minds
> > that hang out here. :-)
> >
> > TIA.
> > ..fgz
> >
> > Flames worded in the form of a question cheerfully accepted!  :-)
> >
> > ----- Original Message -----
> > From: Steven Rice <stevenrice at marnuke.penguinpowered.com>
> > To: <ale at ale.org>
> > Sent: Saturday, November 13, 1999 1:15 AM
> > Subject: [ale] Linux: Secure and Limits?
> >
> > > Compare to other NIX's, how secure and how limiting is Linux?
> > >
> > > >From my experince with *NIX, it has told me Linux is
> > > limited in what it can do unless you account for Beowulf stuff.
> > > But what about being secure?  Compare to larger UNIX'ies like
> > > HP-UX, AIX, Solaris, or SINIX how "secure" is Linux??  It seams
> > > like it would be hard to setup a secure box (secure being able to
> > > keep out the top .02% of crackers) due the amount of limits and
> > > nature buffer overflow in the kernel.
> > >
> > > If you can give a example please do and send flames to /dev/null
> > >
>