On 04/20/04(13:02) you Tim Smith <tims@..au> wrote
in <_A2598@delegate-en.ML_>
|hello I like delegate's features and it seems to be the general purpose
|proxy I am looking for. however I have been googling and in the past
|delegate has gotten a bad rap for buffer overflows.
|what is the current status and is delegate considered a secure piece of
|software?

I think it is so difficult to say some piece of software is secure.
Almost all C programs or libraries have suffered from buffer overflows
even though they tried or claimed to be secure.

On DeleGate, although I've found and removed buffer overflows from time
to time, I don't think I can make DeleGate free from overflows as long as
I'm writing it in C, so I introduced mechanisms to prevent overflows from
being exploited, or to make the exploitation difficult. These include
randomization of the text/code base at compile time and randomization of
stack/heap addresses at run-time, running the DeleGate process without
privilege and confined in a changed root directory.

Also there are many devices to improve the security of C programs.
Many compilers or libraries support detecting overflows before they
occur, or right after they occur. Those who want to make software
secure should use those tools and platforms to make it secure.

Cheers,
Yutaka
--
  D G   Yutaka Sato <pfqcabdyi-mxhgu47cnp3w.ml@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan

On 02/15/02(15:39) you feedback@delegate.. (Yutaka Sato) wrote
in <_A1531@delegate-en.ML_>
|On 02/15/02(15:27) you proto sy <protosy@yahoo..> wrote
|in <_A1530@delegate-en.ML_>
| |I have been doing some reading and came across some
| |rather unfortunate information with regards to
| |security vulnerabilities in the DeleGate proxy server.
| | Apparently there are some serious issues with
| |DeleGate and buffer overflow attacks that can result
| |in a machine being 'rooted'.
| |
| |Do you have any intention of resolving these overflow
| |issues in the relatively near future?
|
|I wrote about it sometimes here (DeleGate-En), most recently in
|<URL:http://www.delegate.org/mail-lists/delegate-en/1527>
|
| |I am happy to share with you the reference materials
| |if you would like.
|
|The reference manual of DeleGate mentions it.
|<URL:http://www.delegate.org/delegate/Manual.htm#defense>
|
|Cheers,
|Yutaka
|--
|  @ @   Yutaka Sato <y.sato@delegate..> http://www.delegate.org/y.sato/
| ( - )  National Institute of Advanced Industrial Science and Technology (AIST)
|_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan