Notes for October 11, 1999

  1. Greetings and Felicitations!
  2. Puzzle of the Day
  3. Robust Programming
    1. Cover the robust versions of the routines
    2. Error handling
  4. Common Implementation Vulnerabilities
    1. Unknown interaction with other system components (DNS entry with bad names, assuming finger port is finger and not chargen)
    2. Overflow (year 2000, lpr overwriting flaw, sendmail large integer flaw, su buffer overflow)
    3. Race conditions (xterm flaw, ps flaw)
    4. Environment variables (vi one-upsmanship, loadmodule)
    5. Not resetting privileges (Purdue Games incident)


Send email to cs153@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562



Page last modified on 10/11/99