9fans - fans of the OS Plan 9 from Bell Labs
From: Alexander Viro <viro@math.psu.edu>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Plan 9 (in)security
Date: Sat, 26 May 2001 21:40:59 -0400
Message-ID: <Pine.GSO.4.21.0105262105470.1945-100000@weyl.math.psu.edu>
In-Reply-To: <200105262323.f4QNNF904664@ducky.net>



On Sat, 26 May 2001, Mike Haertel wrote:

> >OK, it's not a security hole - you'd need to have access to /dev/draw on
> >CPU server [...]
> 
> I agree that there are local security holes and they're bad, however
> network security holes are lots worse.

If you accept requests from the outside. Sloppy code != security hole and
it is bad regardless of the exploit potential. It's a breeding ground for
bugs that are annoying and hard to find.

The thing being, most of that stuff can be found by grep. And if you dig
around you are going to see something bogus that is really worth fixing
regardless of the chances to get that particular bug exploited. Usually -
bad interface...

By the way, why on Earth is the number of characters in a font passed as a
32-bit value when you can set glyphs only for characters with numbers that fit
into 16 bits?


