From owner-freebsd-security Mon Nov 2 13:23:04 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA07058 for freebsd-security-outgoing; Mon, 2 Nov 1998 13:23:04 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rgate2.ricochet.net (rgate2.ricochet.net [204.179.143.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA07043 for ; Mon, 2 Nov 1998 13:22:58 -0800 (PST) (envelope-from enkhyl@scient.com)
Received: from mg137-090.ricochet.net (mg137-090.ricochet.net [204.179.137.90]) by rgate2.ricochet.net (8.8.8/8.8.8) with ESMTP id PAA24108; Mon, 2 Nov 1998 15:22:35 -0600 (CST)
Date: Mon, 2 Nov 1998 13:21:49 -0800 (PST)
From: Christopher Nielsen
X-Sender: enkhyl@ender.sf.scient.com
Reply-To: enkhyl@hayseed.net
To: Peter Jeremy
cc: freebsd-security@FreeBSD.ORG, winter@jurai.net
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
In-Reply-To: <98Nov2.132551est.40330@border.alcanet.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 2 Nov 1998, Peter Jeremy wrote:

> Date: Mon, 2 Nov 1998 13:26:18 +1100
> From: Peter Jeremy
> To: freebsd-security@FreeBSD.ORG, winter@jurai.net
> Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
>
> "Matthew N. Dodd" wrote:
> > At this point there isn't any reason not to go about fixing these
> > potential problems though.
>
> ssh also contains a large number of sprintf() calls. Not all of these
> are immediately innocuous. There are also 2 sscanf() calls with %s
> formats which could be dangerous. Not to mention the str[n]cat() and
> str[n]cpy() calls. Unfortunately I have another bushfire to worry
> about right now, or I'd check through them as well.
>
> The problem with C is that there are too many ways to shoot yourself
> in the foot... A full security audit on ssh (which it sounds like it
> might need) would be fairly time-consuming.

It might be time better spent rewriting SSH. SSH 1.2.x is suffering from
serious bloat, IMHO. Yes, I know about version 2.x; I'm just not
particularly happy with the license.

--
Christopher Nielsen
Scient: The Art and Science of Electronic Business
cnielsen@scient.com