Re: One for the Security Guru's

Chris Wedgwood (cw@f00f.org)
Sun, 27 Oct 2002 23:47:30 -0800


On Sat, Oct 26, 2002 at 10:43:29AM +0000, Henning P. Schmiedehausen
wrote:

> But my point is, that these beasts normally don't run a general
> purpose operating system and that they're much less prone to buffer
> overflow or similar attacks, simply because they don't use popular
> software with known bugs (e.g. OpenSSL) or these functions (like
> doing crypto) are in hardware.

As someone who has worked on a couple of these which are presently on
the market I can assure you that many of these things have plenty of
'popular software' in them... albeit hacked up and mangled to bits at
times... but it's there, and often vulnerable to many of the same
problems you would have under Linux/Apache/whatever.

--cw

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/