Date: Wed, 5 Feb 1997 00:50:02 +1100
From: Bruce Evans <bde@zeta.org.au>
To: mycroft@GNU.AI.MIT.EDU, proff@suburbia.net
Cc: security@freebsd.org
Subject: Re: Critical Security Problem in 4.4BSD crt0
Message-ID: <199702041350.AAA22898@godzilla.zeta.org.au>

>> I'd like to point out that, despite the subject line, this hole has
>> nothing to do with 4.4BSD; it is specific to FreeBSD, and does *not*
>> affect other 4.4BSD-derived systems.
>>
>
>Yes, it does. But not by crt0.

4.4Lite uses snprintf() to avoid the buffer overrun. I think it doesn't
actually use the buffer contents, so it has no problems with user-supplied
buffer contents or self-supplied truncation of the buffer.

Bruce