17 Dec
2003
17 Dec
'03
6:17 p.m.
At 08:35 PM 8/20/96 -0700, some anonym remailer user wrote:
All webservers (except maybe Spinner?) are riddled with buffer overrun bugs and other similar security holes. If you run a webserver, you should basically assume that anyone who really wants a shell on your machine can get one. Grab your favorite webserver and grep for sprintf.
Fred Cohen put out an 80-line-C GET-only HTTP server which is short enough to verify that it doesn't have security bugs like memory leaks, etc. It's not blazingly fast, and all it does is server pages, but it's clean. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # <A HREF="http://idiom.com/~wcs"> Reassign Authority!