Jeremy Allison, of the Samba project, reflects on the recent security flaws in Samba, how responses (and response times) have changed over time, and how they try to avoid new security problems. "What we do now on seeing a security bug is immediately audit the entire code-base to discover if there are any similar problems, or even similar coding practices that might cause future problems, and re-write or remove all such code. It takes longer, but is much safer in the long run. If you examine parts of the Samba code you'll find common functions that are known to be insecure simply won't compile if added to our code. A set of automated macros warns of any use of known bad functions." (thanks to Richard Hillesley)
News stories are provided by third parties, used with permission,
and copyright of their various respective owners.
Answers 2000 Limited has not necessarily reviewed,
and does not necessarily endorse or
agree with any content of, or views expressed in, all such items.
Comments are posted by our users. Answers 2000 Limited has not
necessarily reviewed,
and does not necessarily endorse or
agree with any content of, or views expressed in, comments.
