From owner-freebsd-security Tue Feb 4 05:53:00 1997
Return-Path:
Received: (from root@localhost)
    by freefall.freebsd.org (8.8.5/8.8.5) id FAA16503
    for security-outgoing; Tue, 4 Feb 1997 05:53:00 -0800 (PST)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19])
    by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id FAA16498
    for ; Tue, 4 Feb 1997 05:52:57 -0800 (PST)
Received: (from bde@localhost)
    by godzilla.zeta.org.au (8.8.3/8.6.9) id AAA22898;
    Wed, 5 Feb 1997 00:50:02 +1100
Date: Wed, 5 Feb 1997 00:50:02 +1100
From: Bruce Evans
Message-Id: <199702041350.AAA22898@godzilla.zeta.org.au>
To: mycroft@GNU.AI.MIT.EDU, proff@suburbia.net
Subject: Re: Critical Security Problem in 4.4BSD crt0
Cc: security@freebsd.org
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>> I'd like to point out that, despite the subject line, this hole has
>> nothing to do with 4.4BSD; it is specific to FreeBSD, and does *not*
>> affect other 4.4BSD-derived systems.
>>
>
>Yes, it does. But not by crt0.

4.4Lite uses snprintf() to avoid the buffer overrun. I think it doesn't
actually use the buffer contents, so it has no problems with user-supplied
buffer contents or self-supplied truncation of the buffer.

Bruce
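
Added example, not part of the original message and not taken from any BSD source: the two properties the reply mentions, shown in C. snprintf() bounds the write so an oversized caller-supplied string cannot overrun the buffer, and its return value is what reveals truncation when the buffer contents are going to be used. The helper name build_path, the enum, and the sample directory are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of a bounded format: the caller must distinguish these. */
enum fmt_result { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = 2 };

/*
 * Hypothetical helper (not from any BSD source): join a directory and a
 * caller-supplied name into dst.  snprintf() never writes more than
 * dstlen bytes, so an oversized name cannot overrun dst, but the result
 * may be silently cut short.  The return value is the length the full
 * string would have had, which is how truncation is detected.
 */
enum fmt_result
build_path(char *dst, size_t dstlen, const char *dir, const char *name)
{
	int n;

	if (dst == NULL || dstlen == 0)
		return FMT_ERROR;
	n = snprintf(dst, dstlen, "%s/%s", dir, name);
	if (n < 0)
		return FMT_ERROR;
	if ((size_t)n >= dstlen) {
		dst[0] = '\0';	/* never hand a truncated path to a caller */
		return FMT_TRUNCATED;
	}
	return FMT_OK;
}

int
main(void)
{
	char buf[32];
	char big[256];	/* constructed oversized input */

	memset(big, 'A', sizeof(big) - 1);
	big[sizeof(big) - 1] = '\0';

	printf("short: %d \"%s\"\n",
	    build_path(buf, sizeof(buf), "/usr/share/locale", "C"), buf);
	printf("long:  %d \"%s\"\n",
	    build_path(buf, sizeof(buf), "/usr/share/locale", big), buf);
	return 0;
}
```

Code that formats into the buffer and then ignores the contents, as the reply believes 4.4Lite does, only needs the bound; code that goes on to open or compare the resulting string also needs the truncation check.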