Learning from buggy code

On November 27, 2007, in development, security, by eugenekogan

This is an interesting article by Jeremy Allison, one of the lead guys on the Samba Team. He discusses the recently discovered security flaws in Samba, including some in software that he originally wrote. It’s interesting to hear his opinions on how the bugs were introduced, why they weren’t found sooner, and why it will be difficult to prevent similar issues in the future. For example, porting Samba from C to Java would almost definitely improve security, but the performance hit would be unacceptable to most users.
