[TALK] Proving fundamental Unix guarantees

Steve Landers steve at DigitalSmarties.com
Mon Jun 30 16:35:15 EST 2003

On Monday, June 30, 2003, at 02:28  PM, Peter Jeremy wrote:

> The vendor has suggested that the
> kernel passes memory to the application without initialising it and
> therefore it is a bug in the application.

Ask your vendor if this means their OS has an exploitable security flaw 
- that a malicious application could scan through uninitialised memory 
looking for private information from another process.

I'd be interested to hear their reaction ;-)


More information about the Talk mailing list