Scanning Formats (TIFF vs. JPEG)

Don THX1138 at dakotacom.net
Fri Aug 18 13:39:29 CDT 2006


Chuck Guzis wrote:
> On 8/18/2006 at 5:59 PM Jules Richardson wrote:
> 
>> As an aside: I've never quite understood these OS image vulnerabilities.
>> Doesn't any modern OS provide sufficient protection such that a process
>> can't just stomp all over memory at random? Unless the problem is just a
>> Windows thing...
> 
> Sloppy programming (really, there's no excuse for not including
> bounds-checking when decoding) is a big part of the picture.  In Windows'
> case, a lot of the vulnerabilities seem to be a combination of sloppy
> coding and including "features" that have vulnerabilities inherent. (e.g.
> OLE in browser applets, executables in email attachments...)  Of course, if
> a set of object libraries with inherent vulnerabilities in them is used,
> bugs get re-used too.

*MY* concern is how do you let FOREIGN code into your world
AND still protect things?  I.e. I can do my best to keep
*my* code bug-free... but, I can't keep "your" code bug-free!
Yet, I need to keep my *system* invulnerable to bugs that you
let creep in.  :-(   (writing good OS's requires considerably more
forethought than writing good *apps*!  :< )


