Security Portal: Why We're Doomed to Failure
May 11, 2000, 06:36 (0 Talkback[s])
(Other stories by Kurt Seifried)
"I'm in a strange mood and was thinking about various things, one of which was the quantity of information on the weekly Linux security digest. I was doing the BSD digest a few days ago, and it struck me, OpenBSD has far fewer problems. To be fair they are not 100% free of security problems, but they are closer than most to that goal. I think the following quote sums up a lot of this article:"
"Security is a process, not a solution."
"Even if we design a process that is fault tolerant, very robust, and easy to implement, we are still doomed to failure in almost all cases. One of the most popular ways to break into computer systems is through the buffer overflow. This is usually due to a fault in the way the software handles user input, network traffic, command line arguments, and so on, in programs that run as root (setuid programs, or network daemons that do not drop privileges properly). The most obvious solution to this problem would be to audit the software and remove any potential problems; OpenBSD took this route, and it has worked relatively well. However, it is not a panacea."