Notes for March 10, 1997

  1. Hello
    1. Projects due Friday
  2. Certificates
    1. Binding key to name, notion of issuer
    2. PEM trust hierarchy, certificate types
    3. X.509/PGP web of trust model
  3. Common Implementation Vulnerabilities
    1. Unknown interaction with other system components (DNS entry with bad names, assuming finger port is finger and not chargen)
    2. Overflow (year 2000, 2038 for UNIX, lpr overwriting flaw, sendmail large integer flaw, su buffer overflow)
    3. Race conditions (xterm flaw, ps flaw)
    4. Environment variables (vi one-upsmanship)
    5. Not resetting privileges (Purdue Games incident)


Send email to cs153@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562



Page last modified on 3/15/97