From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alexander Viro To: 9fans@cse.psu.edu Subject: Re: [9fans] Plan 9 (in)security In-Reply-To: <200105262323.f4QNNF904664@ducky.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Date: Sat, 26 May 2001 21:40:59 -0400 Topicbox-Message-UUID: a93c27e4-eac9-11e9-9e20-41e7f4b1d025 On Sat, 26 May 2001, Mike Haertel wrote: > >OK, it's not a security hole - you'd need to have access to /dev/draw on > >CPU server [...] > > I agree that there are local security holes and they're bad, however > network security holes are lots worse. If you accept requests from the outside. Sloppy code != security hole and it is bad regardless of the exploit potential. It's a breeding ground for bugs that are annoying and hard to find. The thing being, most of that stuff can be found by grep. And if you dig around you are going to see something bogus that is really worth fixing regardless of the chances to get that particular bug exploited. Usually - bad interface... By the way, why on the Earth number of characters in font is passed as 32bit value when you can set glyphs only for characters with numbers that fit into 16 bits?