From owner-freebsd-audit Sun Apr 30 13:17: 9 2000
Date: Sat, 29 Apr 2000 14:10:39 +0100
From: Joe Karthauser
To: Mike Heffner
Cc: FreeBSD-audit
Subject: Re: three small patches - oflows
Message-ID: <20000429141039.A48739@pavilion.net>

On Mon, Mar 20, 2000 at 02:12:42AM -0500, Mike Heffner wrote:
>
> Index: bin/ed/main.c

I'll commit this when I next get connected. I've changed the second patch slightly to:

REALLOC(file, filesz, MAXPATHLEN + 1, NULL); - /* assert: no trailing escape */ - while ((file[i++] = (*s == '\\') ? *++s : *s)) + while (i < filesz - 1 /* Worry about a possible trailing escape */ + && (file[i++] = (*s == '\\') ? *++s : *s)) s++; return file;

> - natd patch, fixes "natd -w [17000] blah" overflow
> Index: sbin/natd/natd.c

This too looks good.

> - startslip patch, fixes "startslip -d [8192] -c [8192]" overflow
> Index: sbin/startslip/startslip.c

This too. I'll commit them all on Sunday or Monday.
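Review bot: the added bound `i < filesz - 1` in the `while` condition can end the copy before the terminating NUL has been stored, and the next visible statement is `return file;`, so an overlong name is handed back unterminated. Set `file[i] = '\0'` after the loop when the bound is what stopped it, or report the overlong name as an error rather than truncating it silently. The trailing-escape comment would also read better on its own line above the loop than inside the condition.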
Joe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Sun Apr 30 18:18:20 2000
Date: Sun, 30 Apr 2000 21:17:09 -0400 (EDT)
From: Mike Heffner
To: FreeBSD-audit
Subject: that patch for mktemp?

Hey,

Could someone commit Peter Jeremy's patch for mktemp in libc, the one that uses the base-64 encoding? I've been using it for several months without any problems, and I think it's great for a little extra protection.
Find it here:
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=12364+0+archive/2000/freebsd-audit/20000130.freebsd-audit

/****************************************
 * Mike Heffner
 * Fredericksburg, VA ICQ# 882073
 * Sent at: 30-Apr-2000 -- 21:07:30 EST
 * http://my.ispchannel.com/~mheffner
 ****************************************/

From owner-freebsd-audit Sun Apr 30 18:22: 0 2000
Date: Sun, 30 Apr 2000 18:21:59 -0700 (PDT)
From: Kris Kennaway
To: Mike Heffner
Cc: FreeBSD-audit
Subject: Re: that patch for mktemp?

On Sun, 30 Apr 2000, Mike Heffner wrote:

> Could someone commit Peter Jeremy's patch for mktemp in libc, the one that uses
> the base-64 encoding? I've been using it for several months without any
> problems, and I think it's great for a little extra protection.

Actually, if this is the one him and I worked on, there's one problem with it, namely that it uses '&' as one of the filename characters, which obviously has a special meaning to shells. Apart from that, I've also been running it since then with no problems. I'll try and get it committed shortly.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-audit Sun Apr 30 20:59:35 2000
Date: Sun, 30 Apr 2000 23:58:30 -0400 (EDT)
From: Mike Heffner
To: Kris Kennaway
Cc: FreeBSD-audit, Mike Heffner
Subject: Re: that patch for mktemp?

On 01-May-2000 Kris Kennaway wrote:
| Actually, if this is the one him and I worked on, there's one problem with
| it, namely that it uses '&' as one of the filename characters, which
| obviously has a special meaning to shells.
|

Hrm, I suppose we might also want to get rid of '~' then.
/****************************************
 * Mike Heffner
 * Fredericksburg, VA ICQ# 882073
 * Sent at: 30-Apr-2000 -- 23:47:22 EST
 * http://my.ispchannel.com/~mheffner
 ****************************************/

From owner-freebsd-audit Sun Apr 30 21: 5:20 2000
Date: Sun, 30 Apr 2000 22:04:52 -0600
From: Warner Losh
To: Mike Heffner
Cc: Kris Kennaway, FreeBSD-audit
Subject: Re: that patch for mktemp?
Message-Id: <200005010404.WAA74367@harmony.village.org>

In message Mike Heffner writes:
: Hrm, I suppose we might also want to get rid of '~' then.

~ isn't too special to shells, so unless it is at the start of a filename, you shouldn't have a problem.

That said, all of the following are special metacharacters to shells:
!$^&*(){}[]?~`"';<>|\

(recall that ^ is a synonym for |).
Warner

From owner-freebsd-audit Sun Apr 30 21: 5:56 2000
Date: Sun, 30 Apr 2000 21:05:54 -0700 (PDT)
From: Kris Kennaway
To: Mike Heffner
Cc: FreeBSD-audit
Subject: Re: that patch for mktemp?

On Sun, 30 Apr 2000, Mike Heffner wrote:

> On 01-May-2000 Kris Kennaway wrote:
> | Actually, if this is the one him and I worked on, there's one problem with
> | it, namely that it uses '&' as one of the filename characters, which
> | obviously has a special meaning to shells.
> |
>
> Hrm, I suppose we might also want to get rid of '~' then.

I don't think that's a problem - AFAIK shells only treat that as special when it's the first character in the filename.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-audit Sun Apr 30 21:17:16 2000
Date: Sun, 30 Apr 2000 21:17:14 -0700 (PDT)
From: Kris Kennaway
To: Warner Losh
Cc: Mike Heffner, FreeBSD-audit
Subject: Re: that patch for mktemp?
In-Reply-To: <200005010404.WAA74367@harmony.village.org>

On Sun, 30 Apr 2000, Warner Losh wrote:

> ~ isn't too special to shells, so unless it is at the start of a
> filename, you shouldn't have a problem.

That can only happen if mktemp() is called with no prefix (i.e. "/tmp/XXXXXX" instead of "/tmp/fooXXXXXX"), which is not the documented usage in the manpage ("The template may be any file name with some number of `Xs' appended to it") although I don't know what POSIX has to say on the matter. Probably to be safe we should make it so the PID is encoded first, since that will never have any metacharacters in it.

> That said, all of the following are special metacharacters to shells:
> !$^&*(){}[]?~`"';<>|\
>
> (recall that ^ is a synonym for |).

Damn, I didn't know that. ! and ^ will have to be removed, which brings the number of random characters to 73, or 389017 different random combinations for the standard 6-X tempfile. This is still pretty good.
Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-audit Sun Apr 30 21:23: 0 2000
Date: Sun, 30 Apr 2000 22:22:40 -0600
From: Warner Losh
To: Kris Kennaway
Cc: Mike Heffner, FreeBSD-audit
Subject: Re: that patch for mktemp?
Message-Id: <200005010422.WAA74667@harmony.village.org>

In message Kris Kennaway writes:
: > That said, all of the following are special metacharacters to shells:
: > !$^&*(){}[]?~`"';<>|\
: >
: > (recall that ^ is a synonym for |).
:
: Damn, I didn't know that. ! and ^ will have to be removed, which brings
: the number of random characters to 73, or 389017 different random
: combinations for the standard 6-X tempfile. This is still pretty good.

! is only a meta character in csh in interactive mode.

^ can likely be removed as an alias for | since this was changed in the v5 or v6 timeframe iirc and ^ was left in for backward compatibility ever since.
Warner

From owner-freebsd-audit Sun Apr 30 21:28: 9 2000
Date: Sun, 30 Apr 2000 22:27:54 -0600
From: Warner Losh
To: Kris Kennaway, Mike Heffner, FreeBSD-audit
Subject: Re: that patch for mktemp?
Message-Id: <200005010427.WAA74761@harmony.village.org>
References: <200005010422.WAA74667@harmony.village.org>

In message <200005010422.WAA74667@harmony.village.org> Warner Losh writes:
: ^ can likely be removed as an alias for | since this was changed in
: the v5 or v6 timeframe iirc and ^ was left in for backward
: compatibility ever since. I'll have to go look at our actual sh sources.

The ^ vs | thing is from SunOS 4.0 and 4.1. Looking at the source code shows clearly that this is no longer the case, so '^' should be considered safe unless tcsh does something whacked out with it.
Warner

From owner-freebsd-audit Mon May 1 7:45:15 2000
Date: Mon, 1 May 2000 10:44:54 -0400 (EDT)
From: Robert Watson
To: Joe Karthauser
Cc: Mike Heffner, FreeBSD-audit
Subject: Re: three small patches - oflows
In-Reply-To: <20000429141039.A48739@pavilion.net>

I noticed a bunch of commits go in labeled, ``fix buffer overflow'' -- any chance you could include a note indicating whether or not they represent a security hole in the base configuration/etc? I.e., the natd buffer overflow does not present a security risk (that I'm aware of) as it's not setugid, and when it does run with privilege only the caller can specify the arguments?
Robert N M Watson

robert@fledge.watson.org    http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-audit Tue May 2 6:42: 7 2000
Date: Tue, 2 May 2000 14:39:15 +0100
From: Joe Karthauser
To: Robert Watson
Cc: Mike Heffner, FreeBSD-audit
Subject: Re: three small patches - oflows
Message-ID: <20000502143915.G3433@pavilion.net>
References: <20000429141039.A48739@pavilion.net>

On Mon, May 01, 2000 at 10:44:54AM -0400, Robert Watson wrote:
>
> I noticed a bunch of commits go in labeled, ``fix buffer overflow'' -- any
> chance you could include a note indicating whether or not they represent a
> security hole in the base configuration/etc?
> I.e., the natd buffer
> overflow does not present a security risk (that I'm aware of) as it's not
> setugid, and when it does run with privilege only the caller can specify
> the arguments?

I'll do that in future commits, and when I MFC these later.

Joe
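
The mktemp thread above settles on two ideas: keep shell metacharacters out of generated names, and put the PID ahead of the random part. The C below is an added example, not Peter Jeremy's patch or any FreeBSD code; it filters printable ASCII against the list quoted in the thread and draws the random characters without modulo bias. The function names, the choice to drop every listed character plus '/', the three base-62 PID characters (the thread's 389017 is 73^3, i.e. three random positions in a 6-X template) and /dev/urandom as the random source are all assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Shell metacharacters exactly as listed in the thread, plus '/' (path separator). */
static const char SHELL_META[] = "!$^&*(){}[]?~`\"';<>|\\/";
static const char ALNUM[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
#define PID_CHARS 3   /* assumption: three base-62 characters carry the PID */

/* Printable ASCII minus SHELL_META; returns the alphabet size (out needs 95 bytes). */
size_t build_alphabet(char *out) {
    size_t n = 0;
    for (int c = 0x21; c <= 0x7e; c++)
        if (strchr(SHELL_META, c) == NULL)
            out[n++] = (char)c;
    out[n] = '\0';
    return n;
}

/* Number of distinct suffixes for k random characters drawn from n symbols. */
unsigned long search_space(unsigned long n, unsigned k) {
    unsigned long total = 1;
    while (k-- > 0) total *= n;
    return total;
}

/* Fill the trailing X run of tmpl: PID first (alphanumeric only), then random
 * characters from the filtered alphabet. Returns 0 on success, -1 on error. */
int fill_template(char *tmpl, unsigned long pid) {
    char alpha[95];
    size_t n = build_alphabet(alpha), len = strlen(tmpl), nx = 0;
    while (nx < len && tmpl[len - 1 - nx] == 'X') nx++;
    if (nx <= PID_CHARS) return -1;          /* no room left for random characters */
    char *p = tmpl + len - nx;
    for (int i = PID_CHARS - 1; i >= 0; i--, pid /= 62)
        p[i] = ALNUM[pid % 62];
    FILE *rnd = fopen("/dev/urandom", "rb");
    if (rnd == NULL) return -1;
    unsigned limit = 256 - (256 % (unsigned)n);   /* bytes at or above this would bias the draw */
    for (size_t i = PID_CHARS; i < nx; ) {
        int b = fgetc(rnd);
        if (b == EOF) { fclose(rnd); return -1; }
        if ((unsigned)b < limit) p[i++] = alpha[(unsigned)b % n];
    }
    fclose(rnd);
    return 0;
}

int main(void) {
    char name[] = "/tmp/fooXXXXXX";
    if (fill_template(name, (unsigned long)getpid()) == 0)
        printf("%s\n", name);
    return 0;
}
```

This filter is stricter than where the thread ends up, since it also drops '~', '!' and '^', which the later replies consider safe in most positions.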