Ben Laurie wrote:
In OpenSSL we overwrite with random gunk for this reason.
What? No compiler is smart enough to say, The program
sets these variables but they are never referenced again.
I'll save time and not set them.
Eric Rescorla wrote:
Cryptography readers who are also interested in systems security may be
interested in reading my paper from the Workshop on Economics
and Information Security '04:
Is finding security holes a good idea?
Eric Rescorla
RTFM, Inc.
A large amount of effort is
Ben Laurie [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
Cryptography readers who are also interested in systems security may be
interested in reading my paper from the Workshop on Economics
and Information Security '04:
Is finding security holes a good idea?
Eric Rescorla
On Mon, Jun 14, 2004 at 11:31:23AM +, [EMAIL PROTECTED] wrote:
Ben Laurie wrote:
In OpenSSL we overwrite with random gunk for this reason.
What? No compiler is smart enough to say, The program
sets these variables but they are never referenced again.
I'll save time and not set them.
On Monday 14 June 2004 13:31, [EMAIL PROTECTED] wrote:
Ben Laurie wrote:
In OpenSSL we overwrite with random gunk for this reason.
What? No compiler is smart enough to say, The program
sets these variables but they are never referenced again.
I'll save time and not set them.
Most modern
What? No compiler is smart enough to say, The program
sets these variables but they are never referenced again.
I'll save time and not set them.
Given the semantics of C pointers, and multiple compilation units, the
answer to your question is probably not in non-research use.
/r$
--
Ariel Waissbein [EMAIL PROTECTED] writes:
Roughly speaking:
If I as a White Hat find a bug and then don't tell anyone, there's no
reason to believe it will result in any intrusions. The bug has to
become known to Black Hats before it can be used to mount
intrusions. This can
In message [EMAIL PROTECTED], Ben Laurie writes:
What you _may_ have shown is that there's an infinite number of bugs in
any particular piece of s/w. I find that hard to believe, too :-)
Or rather, that the patch process introduces new bugs. Let me quote
from Fred Brooks' Mythical