Date: Sun, 14 Jul 1996 16:02:17 +0200
From: Wolfram Schneider <wosch@cs.tu-berlin.de>
To: Nate Williams <nate@freefall.freebsd.org>
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org
Subject: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c
Message-ID: <199607141402.QAA00547@campa.panke.de>
In-Reply-To: <199607120400.VAA27157@freefall.freebsd.org>
References: <199607120400.VAA27157@freefall.freebsd.org>

Nate Williams writes:
>nate        96/07/11 21:00:17
>
>  Modified:    usr.bin/rdist  defs.h docmd.c expand.c lookup.c server.c
>  Log:
>  Changed all sprintf() calls to snprintf().
>
>  Obtained from: Christos Zoulas <christos@deshaw.com> via NetBSD PR 2621,
>
>  [ slightly modified since we don't use libcompat anymore. ]
>
>  I'm not sure if this fixes the rdist security bug completely, but it
>  sure can't hurt!

Should we disable sprintf() for sgid/suid programs?

find /bin /usr/bin /sbin /usr/sbin /usr/libexec -perm -u+s \
    -o -perm -g+s |xargs egrep -l sprintf | wc -l
      47
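
The audit in the reply above, as an added example that is not part of the original message. It goes slightly beyond the one-liner: it matches sprintf and vsprintf as whole words (the symbol list is an assumption), so asprintf and vasprintf are not counted, and it tolerates file names with spaces.

```sh
#!/bin/sh
# Added example, not part of the original message.
# Lists setuid/setgid regular files that reference an unbounded formatter.
# A hit means the name occurs in the file (usually an imported symbol);
# it is a lead for source review, not proof of an overflow.

# list_unbounded_refs DIR...
#   -perm -4000 / -2000 : setuid / setgid bit set (octal form is portable)
#   grep -a             : treat binary files as text
#   grep -w -F          : fixed strings matched as whole words, so asprintf
#                         and vasprintf (which allocate their own buffer)
#                         are not counted
#   -exec ... {} +      : safe for file names containing spaces
list_unbounded_refs() {
    LC_ALL=C find "$@" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec grep -a -l -w -F -e sprintf -e vsprintf {} + 2>/dev/null
}

# count_unbounded_refs DIR...
#   Number of files printed by list_unbounded_refs.
count_unbounded_refs() {
    list_unbounded_refs "$@" | wc -l | tr -d ' '
}

# When called with directories, print the count, as the one-liner does.
if [ "$#" -gt 0 ]; then
    count_unbounded_refs "$@"
fi
```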