Subject Re: [IB-Architect] Security holes...
Author Andi Kleen
On Sat, Apr 01, 2000 at 11:04:26AM -0700, Jason Wharton wrote:
> Will I need to wait until the source is released and then make my own Q&D
> hacks to disable the server in the areas that offer the exploits? Hopefully
> I can do this!

Auditing a huge program for buffer overflows and security problem is a big
project. If the protocol is documented it is probably easier to write
a small proxy that verifies all requests against some very strict rules
and lets them through when they don't exceed them. The small proxy
has the advantage that it is much more easy to audit it properly.