|
Message-ID: <0B2F4D3E-2256-4D67-81AF-224667C569CE@dwheeler.com> Date: Thu, 09 Oct 2014 00:03:13 -0400 From: "David A. Wheeler" <dwheeler@...eeler.com> To: oss-security@...ts.openwall.com,Michal Zalewski <lcamtuf@...edump.cx> Subject: Re: Thoughts on Shellshock and beyond I would take a functional approach to this: is there a way an attacker could send data that would be misinterpreted as code? If so, could that harm anything? It is obviously much better if the communication does not use shared resources (like the environment). But this is all logical - in the end all of this is in the same memory. The goal is to maximize the separation enough so that attackers cannot misuse it. The better the separation, the less risk later. --- David A.Wheeler
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.