Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Mon, 28 Oct 2002 02:41:11 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Mon, 28 Oct 2002 02:41:11 -0500 Received: from tapu.f00f.org ([66.60.186.129]:49117 "EHLO tapu.f00f.org") by vger.kernel.org with ESMTP id ; Mon, 28 Oct 2002 02:41:10 -0500 Date: Sun, 27 Oct 2002 23:47:30 -0800 From: Chris Wedgwood To: "Henning P. Schmiedehausen" Cc: linux-kernel@vger.kernel.org Subject: Re: One for the Security Guru's Message-ID: <20021028074730.GA22228@tapu.f00f.org> References: <1035453664.1035.11.camel@syntax.dstl.gov.uk> <1035479086.9935.6.camel@gby.benyossef.com> <1035539042.23977.24.camel@forge> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i X-No-Archive: Yes Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 965 Lines: 23 On Sat, Oct 26, 2002 at 10:43:29AM +0000, Henning P. Schmiedehausen wrote: > But my point is, that these beasts normally don't run a general > purpose operating system and that they're much less prone to buffer > overflow or similar attacks, simply because they don't use popular > software with known bugs (e.g. OpenSSL) or these functions (like > doing crypto) are in hardware. As someone who has worked on a couple of these which are presently on the market I can assure you that many of these things have plenty of 'popular software' in them... albeit hacked up and mangled to bits at times... but it's there, and often vulnerable to many of the same problems you would have under Linux/Apache/whatever. --cw - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/