The Speed of Security

Ashcrow writes “A few months ago, I filed a bug report with Apple about their xnu kernel. At that time, they were using strcat and strcpy in kernel and allowing for strncpy and strncat, though not using them to replace the old str* functions. My report basically told about the problem this could have with buffer overflows in kernel, and how strl* functions are just plain safer for everyone. I also included a forwarding function idea where strn* and str* would forward to strl* so no matter what function code used, it would be safer.

A few months after the bug report, and getting no real word back from Apple, I decided to take a look at the current source of the xnu kernel to see if they took my advice.”

Link: GNULinux.net
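
The difference between strn* and strl* that the submission refers to, shown as an added example (not code from Ashcrow's report or from xnu). The names `ex_strlcpy`, `ex_strlcat`, `fwd_strncpy` and `is_terminated` are hypothetical, and the forwarder is only one assumed reading of the "forwarding function" idea, covering the strn* case where a size is available.

```c
#include <stdio.h>
#include <string.h>

/* strlcpy-style copy: writes at most size-1 bytes, always NUL-terminates
 * when size > 0, and returns strlen(src) so truncation can be detected. */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = (len < size - 1) ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* strlcat-style append: size is the full size of dst, not the space left. */
size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    const char *end = memchr(dst, '\0', size);
    if (!end)                        /* dst not terminated within size */
        return size + strlen(src);
    size_t used = (size_t)(end - dst);
    return used + ex_strlcpy(dst + used, src, size - used);
}

/* Hypothetical forwarder: a strncpy-shaped call routed to the strl* copy.
 * Unlike strncpy it never leaves dst unterminated (and does not zero-pad). */
char *fwd_strncpy(char *dst, const char *src, size_t n)
{
    ex_strlcpy(dst, src, n);
    return dst;
}

/* Returns 1 if buf contains a NUL within its first size bytes. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

int main(void)
{
    char a[8], b[8];
    const char *src = "kernel_extension";   /* constructed input, 16 bytes */
    memset(a, 'X', sizeof a);
    memset(b, 'X', sizeof b);
    strncpy(a, src, sizeof a);               /* fills all 8 bytes, no NUL */
    fwd_strncpy(b, src, sizeof b);           /* 7 bytes plus NUL */
    printf("strncpy: %d, forwarded: %d (\"%s\")\n",
           is_terminated(a, sizeof a), is_terminated(b, sizeof b), b);
    return 0;
}
```

A return value greater than or equal to the destination size means the result was truncated, which callers should treat as an error rather than silently continue.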