[DeleGate-En] Re: secuirty implications
On 08/14/01(23:40) you "Uzoka, Afam" <firstname.lastname@example.org> wrote
|Im trying to find a means of enabling our clients to use ssl via a proxy
|like Delegate. It will run on a Linux server. However what are the
|security problems associated with Delegate. In other words does it have any
|buffer overflow issues. From what I have researched on the net Delegate is
|not to be trusted at all because of bugs ( overflow issues) that make the
|product a secuiry hazard. However the articles read were about 2 years old.
I've fixed any remotely exploitable buffer overflows as soon as I got
reports about them, but I don't guarantee that no overflows remain.
Maybe there are overflows as long as I'm using the programming language
which allows buffers to overflow. Thus I've introduced defense mechanisms
which protect overflows from being utilized by attackers. The main
mechanism is randomizing any addresses of program elements, that is code
and data in static or dynamic area.
See the reference manual for more details:
@ @ Yutaka Sato <email@example.com> http://www.delegate.org/y.sato/
( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan