diff options
| author | Gwenolé Beauchesne <gbeauchesne@mandriva.org> | 2003-02-18 16:48:04 +0000 |
|---|---|---|
| committer | Gwenolé Beauchesne <gbeauchesne@mandriva.org> | 2003-02-18 16:48:04 +0000 |
| commit | c93f95560d3fde9eaefcc62c454c67b8b5626fa7 (patch) | |
| tree | 28fc15161411de0c3693b3ac2551bb3dcef8c957 /mdk-stage1/dietlibc/SECURITY | |
| parent | 0e38e73d18120d339abc5f3b3faa8876d65de288 (diff) | |
| download | drakx-c93f95560d3fde9eaefcc62c454c67b8b5626fa7.tar drakx-c93f95560d3fde9eaefcc62c454c67b8b5626fa7.tar.gz drakx-c93f95560d3fde9eaefcc62c454c67b8b5626fa7.tar.bz2 drakx-c93f95560d3fde9eaefcc62c454c67b8b5626fa7.tar.xz drakx-c93f95560d3fde9eaefcc62c454c67b8b5626fa7.zip | |
Merge in CVS dietlibc 0.21 for IA-64 and X86-64 support. However, drop the
following architectures we currently don't support: arm, mips, mipsel, parisc,
s390, sparc64.
Diffstat (limited to 'mdk-stage1/dietlibc/SECURITY')
| -rw-r--r-- | mdk-stage1/dietlibc/SECURITY | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/mdk-stage1/dietlibc/SECURITY b/mdk-stage1/dietlibc/SECURITY new file mode 100644 index 000000000..67debc6e7 --- /dev/null +++ b/mdk-stage1/dietlibc/SECURITY @@ -0,0 +1,13 @@ +The diet libc was written with small code and embedded devices in mind, +not with security for network servers. + +Of course we still try to avoid buffer overflows, but there are some +parts of the code where tradeoffs have been made. This file is meant to +document them. + + 1. The DNS routines do not check whether the answer came from the IP + of the DNS server. The rationale is that people who can sniff the + network to find out the query, source port and DNS sequence number + can also spoof DNS packets to appear to come from the server we + asked, so it does not actually increase security to have that + check. |