Notes for March 10, 1997
-
Hello
- Projects due Friday
-
Certificates
-
Binding key to name, notion of issuer
-
PEM trust hierarchy, certificate types
-
X.509/PGP web of trust model
-
Common Implementation Vulnerabilities
-
Unknown interaction with other system components
(DNS entry with bad names, assuming finger port is finger and not chargen)
-
Overflow (year 2000, 2038 for UNIX, lpr overwriting flaw,
sendmail large integer flaw, su buffer overflow)
-
Race conditions (xterm flaw, ps flaw)
-
Environment variables (vi one-upsmanship)
-
Not resetting privileges (Purdue Games incident)
You can also see this document as a
Binhex Framemaker version 5 document,
Postscript document,
or a
plain ASCII text document.
Send email to
[email protected].
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 3/15/97