Date:      Sat, 12 Aug 2000 01:32:38 -0400 (EDT)
From:      Brian Fundakowski Feldman <green@FreeBSD.org>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        audit@freebsd.org
Subject:   Re: Fuzz testing
Message-ID:  <Pine.BSF.4.21.0008120128150.2231-100000@green.dyndns.org>
In-Reply-To: <Pine.BSF.4.21.0007310408460.633-100000@freefall.freebsd.org>


On Mon, 31 Jul 2000, Kris Kennaway wrote:

> For example:
> 
> a2p.core as.core csh.core flex++.core flex.core sh.core

I've been tracking down sh.core, because I consider this very
important.  The shells _must_ be secure, and "crashing" bugs certainly
don't make them seem so.  In the sh(1) case, it crashes on input of
control characters.  This wouldn't be a problem normally, because
there is tons of code in sh(1) that is made to support escaping all
evil control characters in the input.

However, Martin Cracauer seems to think making it 8-bit clean is done
by not escaping the control characters :-( I have no idea how you
would believe that control characters are "okay" to leave unescaped
"just because" they're used by a character set, and indeed that should
be all the more reason to make sure they're properly escaped.

This needs a hell of a lot of reversion to fix.  Yes, I think this
probably has security implications :-(

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'


