On 9/27/25 4:30 AM, Amit wrote:
---
How to do secure coding and create secure software
---
I can do secure coding and no one can hack my code unless the langu
On 9/30/25 00:23, Solar Designer wrote:
[...]
So is the vulnerability in the shell, like Shellshock was determined to
be? [...] the shell maintainers may well dispute this CVE on
such grounds as well as because the shell worked exactly as documented. [...]
Small nit here: Shellshock was clear
On 2025-09-28 09:05:15 +0530 (+0530), Amit wrote:
[...]
But still, the main point is that can someone give an example of how a
software made up of all secure functions be hacked? I request for an
example (not theoretical statements).
Or, some example that happened in the past in the real world
On Mon, 29 Sept 2025 at 20:55, Jeremy Stanley wrote:
> On 2025-09-29 09:01:26 +0530 (+0530), Amit wrote:
> [...]
> > The function body should also be secure.
>
> This generalizes to a tautology: The software is secure if the
> software is secure. It's true, of course, as are all tautologies,
> wh
"the term "hack" has a lot of other less nefarious meanings, and using
it to describe unwanted or criminal activity casts the entire hacker
community in a negative light."
Just want to add my support for this important statement. Thanks for
stating this so well, Jeremy!
-Katie
On 202
On Sun, Sep 28, 2025 at 10:53 AM Amit wrote:
>
>
> On Sun, 28 Sept 2025 at 03:11, Solar Designer wrote:
>>
>>
>> You claim that "If functions/methods are secure then the whole software
>> is secure." If we talk C where main() is also a function, and limit the
>> definition of "whole software" to
On Mon, 29 Sept 2025 at 01:21, Jeffrey Walton wrote:
> On Sun, Sep 28, 2025 at 10:53 AM Amit wrote:
> >
> >
> > On Sun, 28 Sept 2025 at 03:11, Solar Designer wrote:
> >>
> >>
> >> You claim that "If functions/methods are secure then the whole software
> >> is secure." If we talk C where main
On 2025-09-29 09:01:26 +0530 (+0530), Amit wrote:
[...]
The function body should also be secure.
This generalizes to a tautology: The software is secure if the
software is secure. It's true, of course, as are all tautologies,
while also being a useless assertion.
After writing code, you sho
Also: We at the Linux Foundation/Open Source Security Foundation (OpenSSF)
have a free course on "Developing Secure Software (LFD121)", available here:
https://training.linuxfoundation.org/training/developing-secure-software-lfd121/
If you complete the course you can earn a digital badge.
It's *de
A correction:
On Tue, Sep 30, 2025 at 07:23:52AM +0200, Solar Designer wrote:
> A malicious HTTP client connects to the HTTP server and requests an URL
> corresponding to the CGI script. It uses the PUT method. It passes a
> header named GET_SHELL_FUNCTION with a value that defines a shell
> fun
On Mon, Sep 29, 2025 at 12:49 PM Dan Cross wrote:
> [snip]
> For example, in your original email, you mention validating the length
> of a 0-terminated C string. You suggest that one may use the `strnlen`
> function to do this, since there's no guarantee that an input buffer
> actually contains a
On Mon, Sep 29, 2025 at 11:51 AM Amit wrote:
> On Mon, 29 Sept 2025 at 01:21, Jeffrey Walton wrote:
>> On Sun, Sep 28, 2025 at 10:53 AM Amit wrote:
>> > On Sun, 28 Sept 2025 at 03:11, Solar Designer wrote:
>> >> You claim that "If functions/methods are secure then the whole software
>> >> is se
On Tue, 30 Sept 2025 at 11:50, Solar Designer wrote:
> A correction:
>
> On Tue, Sep 30, 2025 at 07:23:52AM +0200, Solar Designer wrote:
> > A malicious HTTP client connects to the HTTP server and requests an URL
> > corresponding to the CGI script. It uses the PUT method. It passes a
> > heade
On 9/27/25 11:35 PM, Amit wrote:
> Let's assume that there are 2 (or more) different software and all the
> functions in all the software are secure and these software are interacting
> with each other. Then how can they be hacked? Can someone give an example.
>
> I don't agree with theoretical a
On Tue, Sep 30, 2025 at 02:54:58PM +0530, Amit wrote:
> Definitely, let's wind down this thread.
>
> My final point:
Message accepted assuming that it is indeed final. No further messages
from you on this topic are likely to be accepted, so please don't bother
writing any.
> My whole idea was t
Hi,
Let's wind this thread down. As a moderator, I already rejected 4
postings (3 by Amit, 1 arguing with him), and if necessary will reject
more. Further postings to this thread, if any, will have to add value
on top of what was already said. The 4 rejected postings did not.
There's no goal o
> Can someone give an example as to how a software made up of secure
> functions can be hacked?
The security depends not only on the program but on your requirements and the
environment where it is used.
https://bad-example-find-xargs-rm.s3.eu-west-2.amazonaws.com/find_xargs_rm.html
There's the w
On Sun, 28 Sept 2025 at 03:11, Solar Designer wrote:
>
> You claim that "If functions/methods are secure then the whole software
> is secure." If we talk C where main() is also a function, and limit the
> definition of "whole software" to one program, then I'd agree - your
> claim can as well di
On 9/27/25 02:30, Amit wrote:
---
How to do secure coding and create secure software
---
I can do secure coding and no one can hack my code unless the language/
On 9/27/25 1:30 AM, Amit wrote:
---
How to do secure coding and create secure software
---
I can do secure coding and no one can hack my code unless the languag
On 2025-09-27 23:40:13 +0200 (+0200), Solar Designer wrote:
[...]
However, if in "functions/methods are secure" you refer only to
smaller building blocks, then no, the program built from them may
still be insecure. Also "the whole software" isn't necessarily
just one program.
[...]
Yes, in pr
Hi Amit,
On Sat, Sep 27, 2025 at 02:00:07PM +0530, Amit wrote:
> I can do secure coding and no one can hack my code unless the language/OS have
> some issues. You can challenge me on this.
>
> Ultimately, all software boil down to functions/methods. If functions/methods
> are secure then the whol
---
How to do secure coding and create secure software
---
I can do secure coding and no one can hack my code unless the language/OS have
some issues. You can cha