From owner-freebsd-audit Wed Dec 1 8:11:21 1999
Message-Id: <199912011609.JAA02320@harmony.village.org>
To: tstromberg@rtci.com
Cc: freebsd-audit@freebsd.org
Subject: Re: Where to start? Heres a few overflows.
In-reply-to: Your message of "Wed, 01 Dec 1999 08:50:49 EST." <384527B9.3A3E3C41@rtci.com>
References: <384527B9.3A3E3C41@rtci.com> <38445A6A.50245AF5@rtci.com> <199911302322.QAA05983@harmony.village.org>
Date: Wed, 01 Dec 1999 09:09:43 -0700
From: Warner Losh

In message <384527B9.3A3E3C41@rtci.com> Thomas Stromberg writes:
: > : *rdump overflow when giving it a partition to dump
: > : ex: rdump -0 [A*1024]
: >
: > These are fixed in -current. I've not backported to stable, but should.
:
: Seeing as it's suid, it should probably be expedited. I myself took the
: suid bit off of it on my -STABLE boxes (I usually do, since I make no
: use of dump as non-root).

Yes. However, this buffer overflow appears to be benign given the memory
layout. I did an extensive analysis of this, which I sent to Thomas a
while ago, which showed that it was a bug but not a penetration bug.

A good project would be to bring in the changes OpenBSD made years ago
(fork write(1) rather than putting that functionality inside dump).

: Did you have any luck re-creating it with the script I sent you?
: Interested to see if this becomes a systat or a curses thing..

No. I tried once, but it didn't fail and I've not gotten back to it.

Warner
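The bug class under discussion, an overlong command-line argument (the "rdump -0 [A*1024]" reproducer above) copied into a fixed-size buffer in a setuid program, as an added illustration that is not dump(8)'s source and is not part of this thread. The buffer size `DEVBUF`, the function names and the sample device name are assumptions; the page does not give dump's real buffer size or code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size buffer for the partition name; the real size in
 * dump is not stated anywhere in the thread. */
#define DEVBUF 64

/* Vulnerable pattern: an attacker-chosen argv[] string is copied into a
 * fixed buffer with no length check, so an argument of 1024 'A's runs past
 * the end of devbuf.  Shown for contrast only; nothing below calls it. */
void unsafe_set_device(char *devbuf, const char *arg)
{
    strcpy(devbuf, arg);            /* overflow when strlen(arg) >= DEVBUF */
}

/* Hardened form: refuse anything that does not fit (including the NUL),
 * then copy exactly what was checked. Returns 0 on success, -1 if too long. */
int safe_set_device(char *devbuf, size_t devsz, const char *arg)
{
    size_t len = strlen(arg);
    if (len >= devsz)
        return -1;                  /* caller reports "device name too long" */
    memcpy(devbuf, arg, len + 1);   /* len + 1 copies the terminating NUL */
    return 0;
}

/* Does this argument survive the hardened copy into a DEVBUF-byte buffer?
 * Returns 1 if accepted, 0 if rejected. */
int device_arg_ok(const char *arg)
{
    char devbuf[DEVBUF];
    return safe_set_device(devbuf, sizeof devbuf, arg) == 0;
}

/* Build a "[A*1024]"-style test argument: n copies of c, NUL-terminated.
 * Caller frees the result. */
char *make_repeated_arg(char c, size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, c, n);
    s[n] = '\0';
    return s;
}

int main(int argc, char **argv)
{
    /* Constructed sample device name when no argument is given. */
    const char *arg = argc > 1 ? argv[1] : "/dev/da0s1a";

    if (!device_arg_ok(arg)) {
        fprintf(stderr, "device name too long (max %d bytes)\n", DEVBUF - 1);
        return 1;
    }
    printf("accepted: %s\n", arg);
    return 0;
}
```

Running the hardened program with a 1024-byte argument exits with the "too long" error instead of overrunning the buffer; whether a given overrun is exploitable still depends on what sits after the buffer in memory, which is the point Warner makes about the dump case.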