Students uncover dozens of Unix software flaws
To make the grade, students at the University of Illinois found 44 security flaws in various Unix applications.
The flaws, which range from minor slipups in rarely used applications to more serious vulnerabilities in software that ships with most versions of the Linux operating system, were found as part of Bernstein's graduate-level course at the University of Illinois at Chicago.
"Every program is used somewhere--this was a requirement for the homework--but the programs vary widely in popularity," Bernstein, a professor of computer science at the university, stated in an e-mail interview Thursday.
The advisories regarding the flaws were dated Wednesday and can be found on the Web site of student James Longstreet.
Bernstein said it was necessary for programmers to learn security, both to analyze existing programs and to create new ones.
"If any (programmer makes) a security mistake, then your computer is vulnerable to attack," he said in the e-mail interview. "So we have to teach all programmers how to avoid these mistakes."
The latest crop of security flaws comes two days after a software-testing company announced that it had found 985 flaws in the latest Linux kernel during the past four years using the company's analysis software. While the number seems high, the company said it is far lower than the number associated with most commercial software.
Each person in the class during the fall semester had to find 10 flaws, a task that counted toward 60 percent of their grade for the class, according to class notes posted on Bernstein's Web site. With only 44 flaws discovered among a reported 25 students, Bernstein said he is rethinking the grading curve.
"At the end of the course, I decided to throw that scale away and think about how much the students had learned," he wrote