Notes for March 12, 1997

1.	Hello

a.	Projects due Friday; if you want an extension until Monday, give me a note which 
says that you are requesting the extension and you waive any objections to turn-
ing in work during final time. It must be hardcopy and signed; if itēs a group project, 
it must be signed by all members of the group.

2.	Common Implementation Vulnerabilities

a.	Unknown interaction with other system components (DNS entry with bad names, 
assuming finger port is finger and not chargen); quick review

b.	Overflow (year 2000, 2038 for UNIX, lpr overwriting flaw, sendmail large integer 
flaw, su buffer overflow)

c.	Race conditions (xterm flaw, ps flaw)

d.	Environment variables (vi one-upsmanship, loadmodule)

e.	Not resetting privileges (Purdue Games incident)