Students uncover dozens of Unix software flaws (News.com)

Posted Dec 17, 2004 1:44 UTC (Fri) by huffd (guest, #10382)
Parent article: Students uncover dozens of Unix software flaws (News.com)

An excerpt from the article: "While the number seems high, the company said it is far lower than the number associated with most commercial software."


Students uncover dozens of Unix software flaws (News.com)

Posted Dec 17, 2004 2:16 UTC (Fri) by gdt (subscriber, #6284)

That's a rather misleading excerpt, as at the point of the quote the story is discussing the Linux kernel's regression testing.

I read the list of bugs the students found at http://tigger.uic.edu/~jlongs2/holes/. Most of the bugs are well-known issues with the use of C, mainly buffer overflows. Some of the bugs are from trusting external input, a problem in most languages.

Rather than consider the number "small", a more startling statistic is that the majority of the Linux installed base is vulnerable to at least one of the bugs the students in this small class found (prominent programs with flaws are: CUPS, mpg123, mplayer, nasm, xine).
