Article delegate-en/1291 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: secuirty implications
15 Aug 2001 10:04:44 GMT "Uzoka, Afam" <pbecqbdyi-bfkmicezrc3r.ml@ml.delegate.org>


Thanks for your speedy reply!!  Much appreciated

-----Original Message-----
From: feedback@delegate.org [mailto:feedback@delegate.org]
Sent: 15 August 2001 06:17
To: feedback@delegate.org
Cc: pbecqbdyi-bfkmicezrc3r.ml@ml.delegate.org
Subject: Re: [DeleGate-En] secuirty implications


On 08/14/01(23:40) you "Uzoka, Afam" <pbecqbdyi-bfkmicezrc3r.ml@ml.delegate.org> wrote
in <_A1289@delegate-en.ML_>
 |I'm trying to find a means of enabling our clients to use SSL via a proxy
 |like Delegate.  It will run on a Linux server.  However, what are the
 |security problems associated with Delegate?  In other words, does it have any
 |buffer overflow issues?  From what I have researched on the net, Delegate is
 |not to be trusted at all because of bugs (overflow issues) that make the
 |product a security hazard.  However, the articles read were about 2 years old.

I've fixed any remotely exploitable buffer overflows as soon as I got
reports about them, but I don't guarantee that no overflows remain.
Maybe there are overflows as long as I'm using the programming language
which allows buffers to overflow.  Thus I've introduced defense mechanisms
which protect overflows from being utilized by attackers.  The main
mechanism is randomizing any addresses of program elements, that is, code
and data in static or dynamic areas.
See the reference manual for more details:
<URL:http://www.delegate.org/delegate/Manual.htm#defense>

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan



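Added example, not part of the original messages and not DeleGate's own code: a minimal C sketch of one form of the address randomization described in the reply, narrowed to the stack case. It assumes a per-process random pad placed above the program's working frames; the names service, run_with_stack_pad and random_pad are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the real program: records where one of its stack buffers lives.
 * (noinline is a GCC/Clang attribute; it keeps the frame layout observable.) */
__attribute__((noinline)) static void service(uintptr_t *where) {
    volatile char request[256];
    request[0] = 0;
    *where = (uintptr_t)request;
}

/* Run service() beneath `pad` bytes (pad >= 1) of otherwise unused stack,
 * so every frame below this one is shifted by roughly `pad` bytes. */
__attribute__((noinline)) uintptr_t run_with_stack_pad(size_t pad) {
    volatile char filler[pad];
    uintptr_t where = 0;
    filler[0] = 0;
    filler[pad - 1] = 0;
    service(&where);
    return where;
}

/* Pick a per-process pad of 16..65536 bytes (a multiple of 16) from the OS RNG.
 * Refuses to start without entropy rather than falling back to a fixed layout. */
size_t random_pad(void) {
    unsigned short r = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&r, sizeof r, 1, f) != 1) {
        fprintf(stderr, "no entropy source, refusing to start\n");
        exit(1);
    }
    fclose(f);
    return ((size_t)r & ~(size_t)15) + 16;
}

int main(void) {
    size_t pad = random_pad();
    printf("pad=%zu request buffer at %#lx\n",
           pad, (unsigned long)run_with_stack_pad(pad));
    return 0;
}
```

Running the program several times prints a different buffer address each time even where the operating system does not randomize the stack itself; the pad adds at most 12 bits of entropy here, so it complements rather than replaces fixing the overflow.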