> There will always be poor programmers out there so long as we don't
> require authenticated IQ results with each software packages :).

True. But I'd place the period after "there".

Even requiring "authenticated IQ results" wouldn't help much, though:

(a) The presence of intelligence is no guarantee of its use. (Anyone who's hung out with Mensans knows this.)

(b) Even the best programmers make mistakes. (I recently installed inn 2.0. It comes with inndstart, a little set-uid program that's designed to be small enough to be vetted by hand by paranoid sysadmins. Reading over the code, I found two buffer overruns - sprintf of user data into a fixed-size buffer. I've mailed inn-bugs about them, and don't mind mentioning them here anyway because they aren't obviously exploitable. My point is just that inn is *not* the work of the room-temperature IQ crowd, and it *still* has a classic buffer overrun, in a program specifically intended to be a tiny little secure do-one-thing.)

der Mouse

mouseat_private
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:27 PDT