From owner-cvs-usrbin Sun Jul 14 08:37:54 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA10693 for cvs-usrbin-outgoing; Sun, 14 Jul 1996 08:37:54 -0700 (PDT) Received: from mail.cs.tu-berlin.de (root@mail.cs.tu-berlin.de [130.149.17.13]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA10652; Sun, 14 Jul 1996 08:37:42 -0700 (PDT) Received: from campa.panke.de (anonymous213.ppp.cs.tu-berlin.de [130.149.17.213]) by mail.cs.tu-berlin.de (8.6.12/8.6.12) with ESMTP id RAA11024; Sun, 14 Jul 1996 17:30:32 +0200 Received: (from wosch@localhost) by campa.panke.de (8.6.12/8.6.12) id QAA00547; Sun, 14 Jul 1996 16:02:17 +0200 Date: Sun, 14 Jul 1996 16:02:17 +0200 From: Wolfram Schneider Message-Id: <199607141402.QAA00547@campa.panke.de> To: Nate Williams Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org Subject: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c In-Reply-To: <199607120400.VAA27157@freefall.freebsd.org> References: <199607120400.VAA27157@freefall.freebsd.org> Reply-to: Wolfram Schneider MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Nate Williams writes: >nate 96/07/11 21:00:17 > > Modified: usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c > Log: > Changed all sprintf() calls to snprintf(). > > Obtained from: Christos Zoulas via NetBSD PR 2621, > > [ slightly modified since we don't use libcompat anymore. ] > > I'm not sure if this fixes the rdist security bug completely, but it > sure can't hurt! Should we disable sprintf() for sgid/suid programs? find /bin /usr/bin /sbin /usr/sbin /usr/libexec -perm -u+s \ -o -perm -g+s |xargs egrep -l sprintf | wc -l 47 From owner-cvs-usrbin Sun Jul 14 09:42:46 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA25134 for cvs-usrbin-outgoing; Sun, 14 Jul 1996 09:42:46 -0700 (PDT) Received: (from guido@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA25057; Sun, 14 Jul 1996 09:42:36 -0700 (PDT) Date: Sun, 14 Jul 1996 09:42:36 -0700 (PDT) From: Guido van Rooij Message-Id: <199607141642.JAA25057@freefall.freebsd.org> To: CVS-committers, cvs-all, cvs-usrbin Subject: cvs commit: src/usr.bin/chpass chpass.c Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk guido 96/07/14 09:42:35 Modified: usr.bin/chpass chpass.c Log: Move setting of username to the correcft place; also initialize it. Reviewed by: peter@freebsd.org Revision Changes Path 1.10 +3 -3 src/usr.bin/chpass/chpass.c From owner-cvs-usrbin Sun Jul 14 10:23:35 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA07604 for cvs-usrbin-outgoing; Sun, 14 Jul 1996 10:23:35 -0700 (PDT) Received: from precipice.shockwave.com (ppp-5-22.rdcy01.pacbell.net [206.170.5.22]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA07589; Sun, 14 Jul 1996 10:23:31 -0700 (PDT) Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.5/8.7.3) with ESMTP id KAA07409; Sun, 14 Jul 1996 10:22:33 -0700 (PDT) Message-Id: <199607141722.KAA07409@precipice.shockwave.com> To: Wolfram Schneider cc: Nate Williams , CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org Subject: Re: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c In-reply-to: Your message of "Sun, 14 Jul 1996 16:02:17 +0200." <199607141402.QAA00547@campa.panke.de> Date: Sun, 14 Jul 1996 10:22:32 -0700 From: Paul Traina Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk That's way over-board. The only case where sprintf can get you into trouble is if you're sprintfing tainted variables (to steal a perl term) into a stack buffer. From: Wolfram Schneider Subject: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c serv >>er.c Nate Williams writes: >nate 96/07/11 21:00:17 > > Modified: usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c > Log: > Changed all sprintf() calls to snprintf(). > > Obtained from: Christos Zoulas via NetBSD PR 262 >>1, > > [ slightly modified since we don't use libcompat anymore. ] > > I'm not sure if this fixes the rdist security bug completely, but it > sure can't hurt! Should we disable sprintf() for sgid/suid programs? find /bin /usr/bin /sbin /usr/sbin /usr/libexec -perm -u+s \ -o -perm -g+s |xargs egrep -l sprintf | wc -l 47 From owner-cvs-usrbin Sun Jul 14 11:05:44 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA18277 for cvs-usrbin-outgoing; Sun, 14 Jul 1996 11:05:44 -0700 (PDT) Received: from lestat.nas.nasa.gov (lestat.nas.nasa.gov [129.99.50.29]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id LAA18270; Sun, 14 Jul 1996 11:05:42 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by lestat.nas.nasa.gov (8.7.5/8.6.12) with SMTP id KAA29768; Sun, 14 Jul 1996 10:58:43 -0700 (PDT) Message-Id: <199607141758.KAA29768@lestat.nas.nasa.gov> X-Authentication-Warning: lestat.nas.nasa.gov: Host localhost [127.0.0.1] didn't use HELO protocol To: Paul Traina Cc: Wolfram Schneider , Nate Williams , CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org Subject: Re: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c Reply-To: Jason Thorpe From: Jason Thorpe Date: Sun, 14 Jul 1996 10:58:42 -0700 Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sun, 14 Jul 1996 10:22:32 -0700 Paul Traina wrote: > That's way over-board. The only case where sprintf can get you into trouble > is if you're sprintfing tainted variables (to steal a perl term) into a stack > buffer. It may be overboard, but it certainly doesn't _hurt_ :-) > Should we disable sprintf() for sgid/suid programs? > > find /bin /usr/bin /sbin /usr/sbin /usr/libexec -perm -u+s \ > -o -perm -g+s |xargs egrep -l sprintf | wc -l > > 47 Not that many, and it's probably worth it. We're thinking of doing that in the NetBSD camp, too. I'd say that for the relatively small amount of work that it would take to sweep-up, the quality added to one's sleep makes the choice clear :-) -- save the ancient forests - http://www.bayarea.net/~thorpej/forest/ -- Jason R. Thorpe thorpej@nas.nasa.gov NASA Ames Research Center Home: 408.866.1912 NAS: M/S 258-6 Work: 415.604.0935 Moffett Field, CA 94035 Pager: 415.428.6939 From owner-cvs-usrbin Sun Jul 14 16:57:06 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA13658 for cvs-usrbin-outgoing; Sun, 14 Jul 1996 16:57:06 -0700 (PDT) Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id QAA13590; Sun, 14 Jul 1996 16:56:45 -0700 (PDT) Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.12/8.6.9) id JAA10509; Mon, 15 Jul 1996 09:51:26 +1000 Date: Mon, 15 Jul 1996 09:51:26 +1000 From: Bruce Evans Message-Id: <199607142351.JAA10509@godzilla.zeta.org.au> To: pst@shockwave.com, thorpej@nas.nasa.gov Subject: Re: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org, nate@freefall.freebsd.org, wosch@cs.tu-berlin.de Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > That's way over-board. The only case where sprintf can get you into trouble > > is if you're sprintfing tainted variables (to steal a perl term) into a stack > > buffer. >It may be overboard, but it certainly doesn't _hurt_ :-) It may give a false sense of security. > > Should we disable sprintf() for sgid/suid programs? Why stop there? Convert all strcpy()s to snprintf()s. Convert all pointers to arrays. Implement array bounds checking. Actually use array bounds checking. !-) Bruce From owner-cvs-usrbin Sun Jul 14 17:57:37 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA23222 for cvs-usrbin-outgoing; Sun, 14 Jul 1996 17:57:37 -0700 (PDT) Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id RAA22047; Sun, 14 Jul 1996 17:51:21 -0700 (PDT) Received: from sax.sax.de by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id CAA00217; Mon, 15 Jul 1996 02:50:42 +0200 Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id CAA28803; Mon, 15 Jul 1996 02:50:42 +0200 Received: (from j@localhost) by uriah.heep.sax.de (8.7.5/8.6.9) id CAA13659; Mon, 15 Jul 1996 02:42:23 +0200 (MET DST) From: J Wunsch Message-Id: <199607150042.CAA13659@uriah.heep.sax.de> Subject: Re: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c To: bde@zeta.org.au (Bruce Evans) Date: Mon, 15 Jul 1996 02:42:22 +0200 (MET DST) Cc: pst@shockwave.com, thorpej@nas.nasa.gov, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org, nate@freefall.freebsd.org, wosch@cs.tu-berlin.de Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: <199607142351.JAA10509@godzilla.zeta.org.au> from Bruce Evans at "Jul 15, 96 09:51:26 am" X-Phone: +49-351-2012 669 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E X-Mailer: ELM [version 2.4ME+ PL17 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk As Bruce Evans wrote: > > > Should we disable sprintf() for sgid/suid programs? > > Why stop there? Convert all strcpy()s to snprintf()s. Convert all > pointers to arrays. Implement array bounds checking. Actually use > array bounds checking. !-) Use Pascal. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-) From owner-cvs-usrbin Mon Jul 15 09:29:15 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA21151 for cvs-usrbin-outgoing; Mon, 15 Jul 1996 09:29:15 -0700 (PDT) Received: (from pst@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA21135; Mon, 15 Jul 1996 09:29:04 -0700 (PDT) Date: Mon, 15 Jul 1996 09:29:04 -0700 (PDT) From: Paul Traina Message-Id: <199607151629.JAA21135@freefall.freebsd.org> To: CVS-committers, cvs-all, cvs-usrbin Subject: cvs commit: src/usr.bin/rlogin rlogin.c Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk pst 96/07/15 09:29:04 Modified: usr.bin/rlogin rlogin.c Log: Do a bounds check on the strcpy of environment variables onto the stack. Revision Changes Path 1.11 +1 -1 src/usr.bin/rlogin/rlogin.c From owner-cvs-usrbin Mon Jul 15 14:59:33 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA20201 for cvs-usrbin-outgoing; Mon, 15 Jul 1996 14:59:33 -0700 (PDT) Received: from mail.cs.tu-berlin.de (root@mail.cs.tu-berlin.de [130.149.17.13]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA20157; Mon, 15 Jul 1996 14:58:23 -0700 (PDT) Received: from campa.panke.de (anonymous231.ppp.cs.tu-berlin.de [130.149.17.231]) by mail.cs.tu-berlin.de (8.6.12/8.6.12) with ESMTP id XAA12182; Mon, 15 Jul 1996 23:37:29 +0200 Received: (from wosch@localhost) by campa.panke.de (8.6.12/8.6.12) id XAA00791; Mon, 15 Jul 1996 23:32:43 +0200 Date: Mon, 15 Jul 1996 23:32:43 +0200 From: Wolfram Schneider Message-Id: <199607152132.XAA00791@campa.panke.de> To: Bruce Evans Cc: pst@shockwave.com, thorpej@nas.nasa.gov, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org, nate@freefall.freebsd.org Subject: Re: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c In-Reply-To: <199607142351.JAA10509@godzilla.zeta.org.au> References: <199607142351.JAA10509@godzilla.zeta.org.au> Reply-to: Wolfram Schneider MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Bruce Evans writes: >>It may be overboard, but it certainly doesn't _hurt_ :-) > >It may give a false sense of security. Thats life. You close the front door and the burglar use the window or kidnaps your children. >> > Should we disable sprintf() for sgid/suid programs? > >Why stop there? Convert all strcpy()s to snprintf()s. Hm, Paul already started ;-) Why waiting for next CERT report? We have ~77 suid/sgid programs (total ~584 programs). Of course to much s-bits. >pst 96/07/15 09:29:04 > > Modified: usr.bin/rlogin rlogin.c > Log: > Do a bounds check on the strcpy of environment variables onto the stack. > > Revision Changes Path > 1.11 +1 -1 src/usr.bin/rlogin/rlogin.c Wolfram From owner-cvs-usrbin Wed Jul 17 04:03:07 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id EAA00275 for cvs-usrbin-outgoing; Wed, 17 Jul 1996 04:03:07 -0700 (PDT) Received: (from bde@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id EAA00249; Wed, 17 Jul 1996 04:02:54 -0700 (PDT) Date: Wed, 17 Jul 1996 04:02:54 -0700 (PDT) From: Bruce Evans Message-Id: <199607171102.EAA00249@freefall.freebsd.org> To: CVS-committers, cvs-all, cvs-usrbin Subject: cvs commit: src/usr.bin/make main.c make.1 Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk bde 96/07/17 04:02:52 Modified: usr.bin/make main.c make.1 Log: Added a -V option to print make's idea of the value of a variable. Submitted by: mark@linus.demon.co.uk (Mark Valentine) Fixed bugs and inconsistencies in synopsis and usage message. Revision Changes Path 1.7 +33 -6 src/usr.bin/make/main.c 1.3 +14 -2 src/usr.bin/make/make.1 From owner-cvs-usrbin Wed Jul 17 05:18:59 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA03629 for cvs-usrbin-outgoing; Wed, 17 Jul 1996 05:18:59 -0700 (PDT) Received: (from bde@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA03611; Wed, 17 Jul 1996 05:18:52 -0700 (PDT) Date: Wed, 17 Jul 1996 05:18:52 -0700 (PDT) From: Bruce Evans Message-Id: <199607171218.FAA03611@freefall.freebsd.org> To: CVS-committers, cvs-all, cvs-usrbin Subject: cvs commit: src/usr.bin/sed compile.c Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk bde 96/07/17 05:18:52 Modified: usr.bin/sed compile.c Log: Yet^2 another fix for the line continuation bug. The fundamental problem with the original code is that it accesses p[-2] which is one before the beginning of the input buffer for empty lines. rev.1.6 just moved the problem from failures when p[-2] happens to be '\\' to failures when it happens to be '\0'. rev.1.5 was confused about the trailing newline and other things. I went back to rev.1.5 and fixed it. The result is the same as Keith Bostic's final version in PR 1356 except it loses more gracefully for excessively long input lines. Revision Changes Path 1.7 +5 -5 src/usr.bin/sed/compile.c From owner-cvs-usrbin Wed Jul 17 17:08:15 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA03364 for cvs-usrbin-outgoing; Wed, 17 Jul 1996 17:08:15 -0700 (PDT) Received: (from jkh@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA03345; Wed, 17 Jul 1996 17:08:06 -0700 (PDT) Date: Wed, 17 Jul 1996 17:08:06 -0700 (PDT) From: "Jordan K. Hubbard" Message-Id: <199607180008.RAA03345@freefall.freebsd.org> To: CVS-committers, cvs-all, cvs-usrbin Subject: cvs commit: src/usr.bin/fetch fetch.1 main.c Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk jkh 96/07/17 17:08:05 Modified: usr.bin/fetch fetch.1 main.c Log: Add -n flag to use the current modtime rather than preserving it. Revision Changes Path 1.3 +5 -3 src/usr.bin/fetch/fetch.1 1.9 +8 -3 src/usr.bin/fetch/main.c From owner-cvs-usrbin Wed Jul 17 17:09:06 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA03458 for cvs-usrbin-outgoing; Wed, 17 Jul 1996 17:09:06 -0700 (PDT) Received: (from jkh@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA03437; Wed, 17 Jul 1996 17:09:00 -0700 (PDT) Date: Wed, 17 Jul 1996 17:09:00 -0700 (PDT) From: "Jordan K. Hubbard" Message-Id: <199607180009.RAA03437@freefall.freebsd.org> To: CVS-committers, cvs-all, cvs-usrbin Subject: cvs commit: src/usr.bin/fetch main.c Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk jkh 96/07/17 17:09:00 Modified: usr.bin/fetch main.c Log: Whups - update the usage message too. Revision Changes Path 1.10 +2 -2 src/usr.bin/fetch/main.c From owner-cvs-usrbin Thu Jul 18 13:43:02 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA16003 for cvs-usrbin-outgoing; Thu, 18 Jul 1996 13:43:02 -0700 (PDT) Received: (from joerg@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id NAA15981; Thu, 18 Jul 1996 13:42:49 -0700 (PDT) Date: Thu, 18 Jul 1996 13:42:49 -0700 (PDT) From: Joerg Wunsch Message-Id: <199607182042.NAA15981@freefall.freebsd.org> To: CVS-committers, cvs-all, cvs-usrbin Subject: cvs commit: src/usr.bin/ipcs ipcs.c Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk joerg 96/07/18 13:42:49 Modified: usr.bin/ipcs ipcs.c Log: s/msg/shm/ for one variable. Submitted by: jin@george.lbl.gov (Jin Guojun[ITG]) Revision Changes Path 1.6 +2 -2 src/usr.bin/ipcs/ipcs.c From owner-cvs-usrbin Thu Jul 18 17:45:07 1996 Return-Path: owner-cvs-usrbin Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA03845 for cvs-usrbin-outgoing; Thu, 18 Jul 1996 17:45:07 -0700 (PDT) Received: (from jdp@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id RAA03809; Thu, 18 Jul 1996 17:44:57 -0700 (PDT) Date: Thu, 18 Jul 1996 17:44:57 -0700 (PDT) From: John Polstra Message-Id: <199607190044.RAA03809@freefall.freebsd.org> To: CVS-committers, cvs-all, cvs-usrbin Subject: cvs commit: src/usr.bin/at parsetime.c Sender: owner-cvs-usrbin@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk jdp 96/07/18 17:44:57 Modified: usr.bin/at parsetime.c Log: Fix botches in the handling of "AM" and "PM": 12:xx PM is 12:xx, not 24:xx. 12:xx AM is 00:xx, not 12:xx. Revision Changes Path 1.7 +8 -3 src/usr.bin/at/parsetime.c