Date: Sun, 14 Jul 1996 16:02:17 +0200
From: Wolfram Schneider
Message-Id: <199607141402.QAA00547@campa.panke.de>
To: Nate Williams
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org
Subject: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c
In-Reply-To: <199607120400.VAA27157@freefall.freebsd.org>
References: <199607120400.VAA27157@freefall.freebsd.org>
Reply-to: Wolfram Schneider

Nate Williams writes:
>nate 96/07/11 21:00:17
>
> Modified: usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c
> Log:
> Changed all sprintf() calls to snprintf().
>
> Obtained from: Christos Zoulas via NetBSD PR 2621,
>
> [ slightly modified since we don't use libcompat anymore. ]
>
> I'm not sure if this fixes the rdist security bug completely, but it
> sure can't hurt!

Should we disable sprintf() for sgid/suid programs?

    find /bin /usr/bin /sbin /usr/sbin /usr/libexec -perm -u+s \
        -o -perm -g+s |xargs egrep -l sprintf | wc -l
    47
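
An added example, not part of the original message and not rdist code: the sprintf() to snprintf() change discussed above removes the overflow, but snprintf() truncates silently, so a privileged program should also check the return value. The function names, buffer size and paths below are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TARGET_MAX 16   /* deliberately small so the effect is easy to see */

/* Before: unbounded. Writes past dst whenever dir + "/" + name needs
 * more room than the caller provided. Shown for contrast; never called. */
void join_unbounded(char *dst, const char *dir, const char *name)
{
    sprintf(dst, "%s/%s", dir, name);
}

/* After a mechanical sprintf -> snprintf swap: no overflow, but the
 * result may be cut short. Returns the length snprintf wanted to write. */
int join_truncating(char *dst, size_t dstsz, const char *dir, const char *name)
{
    return snprintf(dst, dstsz, "%s/%s", dir, name);
}

/* Hardened: treat an output error or truncation as failure and leave
 * dst empty, so a caller cannot act on a partial path by mistake. */
int join_checked(char *dst, size_t dstsz, const char *dir, const char *name)
{
    int n;

    if (dstsz == 0)
        return -1;
    n = snprintf(dst, dstsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[TARGET_MAX];
    /* Constructed input: 19 bytes are needed, the buffer holds 15 + NUL. */
    int n = join_truncating(buf, sizeof buf, "/tmp/dist", "hosts.new");

    printf("truncating: wanted %d bytes, got \"%s\"\n", n, buf);
    printf("checked:    rc=%d\n",
           join_checked(buf, sizeof buf, "/tmp/dist", "hosts.new"));
    return 0;
}
```

With the unchecked call the buffer ends up naming a different file than the one requested, which is why the bounded call alone does not settle whether a set-id program handles long input safely.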