Date: Mon, 10 Feb 1997 18:06:21 +0200 (EET) From: Alexander Snarskii <snar@lucky.net> To: michaelh@cet.co.jp (Michael Hancock) Cc: freebsd-hackers@freebsd.org Subject: Re: Increasing overall security.... Message-ID: <199702101606.SAA08033@burka.carrier.kiev.ua> In-Reply-To: <Pine.SV4.3.95.970210103603.19450A-100000@parkplace.cet.co.jp> from "Michael Hancock" at Feb 10, 97 10:38:07 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > On Sun, 9 Feb 1997, Alexander Snarskii wrote: > > > I want to contribute patch to libc to made FreeBSD unexploitable > > with standard 'stack overflow' attacks. > > > > All i wanted, is to made my FreeBSD-based host as secure as possible. > > And i havent found no such man as Theo de Raadt in FreeBSD project, > > so the source tree still contains some exploitable 'stack overflow' > > security holes. Most of which is based on using some 'insecure' > > functions like 'strcpy', 'sprintf' and so in setuid programs. > > Look in the cvs logs for recent commits by imp for example rlogind, rshd, > etc. Well, i saw that changes. But, my reasons to ask to commit these patches is: 1) Any usage of strcpy and so in any program is a 'Bad Thing' (tm). Because if the program is even running with (euid==uid)&&(euid!=0), dumping of they're core is abnormaal situation. Program, which dumps his core because it uses strcpy or so, is not working with all set of paramertres/enviroinment/input and so, so it has some incorrectness inside. 2) Programs, which uses strcpy or so, when running with euid=0 is a 'Worst thing' (tm), because more than 75% of security problems of last year was based on incorrect usage of strcpy or so. 3) Well, rlogind, rshd and so is under FreeBSD team responsibility, his code is checked and have no this problems any more. But, there are so many other programs, which are running as root, and are out from FreeBSD team responsibility. ( sendmail, f.e :) ). And this programs can be used to break into your computer also! Last reason: Look to the /usr/src/lib/libc/stdio/gets.c - you'll see the warning about this function, which are printed everytime, when working programm calls this function first time. -- Alexander Snarskii the source code is included.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702101606.SAA08033>