On 04/20/04(13:02) you Tim Smith <tims@..au> wrote
|Hello, I like DeleGate's features and it seems to be the general purpose
|proxy I am looking for. However, I have been googling and in the past
|DeleGate has gotten a bad rap for buffer overflows.
|What is the current status and is DeleGate considered a secure piece of

I think it is so difficult to say some piece of software is secure.
Almost all C programs or libraries have suffered from buffer
overflows even though they tried or claimed to be secure.

On DeleGate, although I've found and removed buffer overflows from time
to time, I don't think I can make DeleGate free from overflows as long
as I'm writing it in C, so I introduced mechanisms to prevent overflows
from being exploited, or make the exploitation difficult. They include
randomization of the text/code base at compile time and randomization of
the stack/heap address at run-time, and running the DeleGate process without
privilege and confined in a changed root directory.

Also there are many devices to improve the security of C programs.
Many compilers or libraries support detecting overflows before they occur,
or right after they have occurred. Those who want to make software secure
should use those tools and platforms to make it secure.

D G Yutaka Sato <firstname.lastname@example.org> http://delegate.org/y.sato/
( - ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
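
The reply above names three run-time confinement measures: no privilege, a changed root directory, and randomized stack/heap addresses. The following is an added example, not part of the original post and not DeleGate code, that audits a running process for all three. It assumes a Linux host with /proc; the function names and the sample status text are hypothetical and constructed for illustration.

```python
import os
import re

# Constructed sample of /proc/<pid>/status for a hypothetical proxy process.
SAMPLE_STATUS = "Name:\tproxyd\nUid:\t0\t0\t0\t0\nGid:\t65534\t65534\t65534\t65534\n"

def parse_ids(status_text, field):
    """Return [real, effective, saved, fs] IDs from a 'Uid:' or 'Gid:' line."""
    pattern = rf"^{field}:[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)[ \t]+(\d+)"
    m = re.search(pattern, status_text, re.M)
    if m is None:
        raise ValueError(f"no {field} line in status text")
    return [int(x) for x in m.groups()]

def audit(status_text, root_link, aslr_setting):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    for field in ("Uid", "Gid"):
        ids = parse_ids(status_text, field)
        # A saved ID of 0 can be switched back to, and a filesystem ID of 0
        # still grants root's file access, so all four must be non-zero.
        if 0 in ids:
            findings.append(f"{field} still includes 0: {ids}")
    if root_link == "/":
        findings.append("process root is '/', not a changed root directory")
    # randomize_va_space: 0 = off, 1 = stack/mmap/libraries, 2 = also the brk heap
    if aslr_setting.strip() != "2":
        findings.append(f"randomize_va_space is {aslr_setting.strip()}, expected 2")
    return findings

def audit_pid(pid):
    """Collect the three inputs for a live process (Linux only; reading
    /proc/<pid>/root needs the same user as the target, or root)."""
    with open(f"/proc/{pid}/status") as f:
        status = f.read()
    with open("/proc/sys/kernel/randomize_va_space") as f:
        aslr = f.read()
    return audit(status, os.readlink(f"/proc/{pid}/root"), aslr)

if __name__ == "__main__":
    # Run against the constructed sample: root UIDs, no chroot, partial ASLR.
    for line in audit(SAMPLE_STATUS, "/", "1\n"):
        print("FINDING:", line)
```
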
On 02/15/02(15:39) you feedback@delegate.. (Yutaka Sato) wrote
|On 02/15/02(15:27) you proto sy <protosy@yahoo..> wrote
| |I have been doing some reading and came across some
| |rather unfortunate information with regards to
| |security vulnerabilities in the DeleGate proxy server.
| | Apparently there are some serious issues with
| |DeleGate and buffer overflow attacks that can result
| |in a machine being 'rooted'.
| |Do you have any intention of resolving these overflow
| |issues in the relatively near future?
|I wrote about it sometimes here (DeleGate-En), most recently in
| |I am happy to share with you the reference materials
| |if you would like.
|The reference manual of DeleGate mentions it.
| @ @ Yutaka Sato <y.sato@delegate..> http://www.delegate.org/y.sato/
| ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
|_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan