From owner-freebsd-security Mon Dec 16 10:18:24 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id KAA22313 for security-outgoing; Mon, 16 Dec 1996 10:18:24 -0800 (PST)
Received: from gateway.skipstone.com (root@GATEWAY.SKIPSTONE.COM [198.214.10.129]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id KAA22307 for ; Mon, 16 Dec 1996 10:18:21 -0800 (PST)
Received: from bugs.skipstone.com (bugs.skipstone.com [204.69.236.2]) by gateway.skipstone.com (8.7.4/8.6.9) with ESMTP id MAA02564; Mon, 16 Dec 1996 12:18:15 -0600
Received: from [204.69.236.50] (hotapplepie.skipstone.com [204.69.236.50]) by bugs.skipstone.com (8.7.5/8.7.3) with ESMTP id MAA31273; Mon, 16 Dec 1996 12:18:06 -0600
X-Sender: rkw@mail.dataplex.net
Message-Id:
In-Reply-To: <199612161654.IAA19864@seabass.progroup.com>
References: from "Joakim Rastberg" at Dec 16, 96 03:55:59 pm
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 16 Dec 1996 12:18:05 -0600
To: "Craig Shaver"
From: Richard Wackerbarth
Subject: Re: crontab security hole exploit
Cc: security@FreeBSD.org
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

>Is there someplace or some book that someone who is writing new software can
>refer to for learning how to write secure code in the first place? I
>certainly don't want to ask some whiny security cop for each and every
>little detail.... :)

Most of the exploits currently being discovered are a direct result of programs which move user input into a fixed buffer without checking the length of the string. In each case, someone figures out what will get clobbered and creates a "string" that is designed to overwrite whatever follows the buffer. When those buffers are on the stack, it is very easy to clobber the return stack with a piece of code that takes control.

The solution is to use "safe" string copy routines that honor the length of the receiving buffer.
Since the methodology of a particular instance does not add to the sphere of knowledge, the details of the exploit don't really give most of us any useful information.
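An added illustration of the advice above (example code written for this page, not from the message or from FreeBSD): the unbounded copy into a fixed buffer that Richard describes, beside a bounded copy that honors the destination size and reports when the input would not fit. The buffer size NAME_LEN, the set_name() wrapper and the check_* helpers are constructed for this example; bounded_copy() follows the strlcpy contract but is reimplemented here so the file builds on any libc.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16   /* constructed fixed-size buffer for the example */

/* The unsafe pattern: strcpy() copies until the NUL in src and never
 * looks at how big dst is, so a long src overwrites whatever follows dst. */
void copy_name_unsafe(char *dst, const char *src) { strcpy(dst, src); }

/* Bounded copy: writes at most dstsize-1 bytes, always NUL-terminates,
 * and returns strlen(src) so the caller can detect truncation
 * (return value >= dstsize means src did not fit). */
size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Policy layer: reject over-long input outright instead of silently
 * truncating it. Returns 0 on success, -1 if input did not fit. */
int set_name(char out[NAME_LEN], const char *input)
{
    if (bounded_copy(out, NAME_LEN, input) >= NAME_LEN) {
        out[0] = '\0';          /* leave a defined, empty value behind */
        return -1;
    }
    return 0;
}

/* Self-checks returning 1 on the expected behaviour, 0 otherwise. */
int check_fits(void)
{
    char buf[NAME_LEN];
    return set_name(buf, "alice") == 0 && strcmp(buf, "alice") == 0;
}
int check_rejected(void)
{
    char buf[NAME_LEN];
    const char *big = "this-name-is-far-too-long-for-the-buffer";
    return set_name(buf, big) == -1 && buf[0] == '\0';
}
int check_truncation_reported(void)
{
    char buf[4];
    return bounded_copy(buf, sizeof buf, "abcdef") == 6 && strcmp(buf, "abc") == 0;
}
```

The same idea applies to sprintf() versus snprintf() and to any other routine that writes into a caller-supplied buffer: the destination size must be an input to the copy, and the caller must act on the truncation signal.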