List: openbsd-misc
Subject: Re: OpenSSH: What went wrong?
From: Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date: 2002-06-28 20:39:31
> In some mail from Theo de Raadt, sie said:
> [...]
> > > What situations exist now (vs earlier in the project life) that might have
> > > made it easier for something like this to happen?
> > > Is this a new kind of vulnerability, or a 'standard' one that just got missed?
> > > How has the management of the project dealt with the issue?
> >
> > This bug was different from a technical standpoint. It was really
> > hard to spot. There were two bugs. One is that it uses an int off
> > the network without checking. But the real bug is an integer
> > overflow, and no one is looking for those yet. The code looked safe.
> [...]
>
> So what are you doing to prevent this sort of thing from reoccurring?

We audit continually. You don't help.

> What I'd expect, for starters, is quite simply that all "new" code must
> be audited before a "major" OpenSSH release is made.

This code has been under development continually, and this bug is old and
subtle.
Yet, you don't help.

> I'd also expect that in an application like OpenSSH is for all inputs to
> be checked (this one wasn't). This new code should have been rejected
> by someone before it got into the CVS tree for OpenSSH because it was
> missing things like this.

Where is your help?

> I don't particularly like the idea that this is a "new type of overflow".

The real tricky part is arithmetic overflow.
Wait till you see what u_int vs int and > and < are going to cause.

> What that says to me is that you aren't really auditing software
> properly if these kinds of things have slipped through previous audits.

And are you helping?

> Just for something different, maybe you should get together and have an
> auditathon rather than a hackathon.

Why are you telling us to do what we already do, when you don't do any
of it?
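
Added example, not part of the original message and not OpenSSH code: the two bug classes named in the thread (an unchecked integer from the network feeding an arithmetic overflow, and signed versus unsigned comparison) in minimal C form, each beside a checked version. All function names and the limits used are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not taken from OpenSSH. */

/* Unchecked: a peer-supplied count times an element size, in 32 bits.
 * The product wraps modulo 2^32, so a huge count yields a tiny size. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Checked: bound the count first, then prove the product cannot wrap.
 * Returns 0 and stores the size on success, -1 on rejection. */
int alloc_size_checked(uint32_t count, uint32_t elem_size,
                       uint32_t max_count, uint32_t *out) {
    if (count == 0 || count > max_count)
        return -1;
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Signed length with only an upper-bound test: -1 passes "len <= max". */
int len_accepted_upper_only(int len, int max) {
    return len <= max;
}

/* The same value once it reaches a size_t parameter (e.g. a copy length). */
size_t len_as_size(int len) {
    return (size_t)len;
}

/* Both bounds checked before any conversion to an unsigned type. */
int len_accepted(int len, int max) {
    return len >= 0 && len <= max;
}

int main(void) {
    uint32_t sz = 0;
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(0x40000001u, 4));
    printf("checked result: %d\n", alloc_size_checked(0x40000001u, 4, 1024, &sz));
    printf("upper-only accepts -1: %d, as size_t: %zu\n",
           len_accepted_upper_only(-1, 64), len_as_size(-1));
    printf("full check accepts -1: %d\n", len_accepted(-1, 64));
    return 0;
}
```

Compiling with `-Wsign-compare -Wconversion` flags many of the mixed signed/unsigned cases at build time, but the wrapping multiplication is well-defined unsigned arithmetic and needs the explicit division check.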