[TALK] Proving fundamental Unix guarantees
Steve Landers
steve at DigitalSmarties.com
Mon Jun 30 16:35:15 EST 2003
On Monday, June 30, 2003, at 02:28 PM, Peter Jeremy wrote:
> The vendor has suggested that the
> kernel passes memory to the application without initialising it and
> therefore it is a bug in the application.
Ask your vendor if this means their OS has an exploitable security flaw
- that a malicious application could scan through uninitialised memory
looking for private information from another process.
I'd be interested to hear their reaction ;-)
Steve