James Antill wrote: > Yes, it's usualy a bug but yes those bugs are usualy very bad > security wise. > > It is also the only thing that FormatGuard protects against, are we > having different conversations? I suspect that you're mistaken about "the only thing that FormatGuard protects against", but I can't tell because I don't understand your claim. FormatGuard is a *dynamic* check: There exists correct code that has dynamic format strings (internationalization being the primary example). Static checks cannot protect against format bugs without gitching about i18n code. FormatGuard can. So with that clarification, can you explain how some other defense does what FormatGuard does? Thanks, Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com//Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Wed May 30 2001 - 14:37:01 PDT