Re: [PHP-DEV] CVS Account Request
From: Zeev Suraski (zeev <email protected>)
Date: 11/15/00

At 23:56 15/11/2000, Andrei Zmievski wrote:
>On Wed, 15 Nov 2000, Zeev Suraski wrote:
> > So, did you find the buffer overflow bug in Onn's fribidi extension?
>
>This is getting ridiculous now. You know that buffer overflows can be
>extremely difficult to spot, even by the author himself. If you are
>equating that with a malicious attack, then I don't really understand
>what it is you are proposing. Having people mail in patches to people
>with CVS access all the time has its own problems - CVS committers may
>just start applying patches without looking them over or not really
>finding these buffer overflow bugs, so what's the difference who commits
>the code?

About buffer overflows, that's true, but I doubt anybody looked at his code
at all. I think an obvious exploit would have gone in just fine, as they
did in the past. They can be malicious one day as well.

We don't have 50 new CVS people joining the tree every day. We usually
don't even have one. Having them send in patches in the beginning (2-3
weeks) will not kill us.

Zeev

--
Zeev Suraski   <zeev <email protected>>
CTO, Zend Technologies Ltd.  http://www.zend.com/

-- PHP Development Mailing List <http://www.php.net/>