Date: Mon, 1 May 2000 10:44:54 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Joe Karthauser <joe@pavilion.net> Cc: Mike Heffner <spock@techfour.net>, FreeBSD-audit <FreeBSD-audit@freebsd.org> Subject: Re: three small patches - oflows Message-ID: <Pine.NEB.3.96L.1000501104321.11476C-100000@fledge.watson.org> In-Reply-To: <20000429141039.A48739@pavilion.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I noticed a bunch of commits go in labeled, ``fix buffer overflow'' -- any chance you could include a note indicating whether or not they represent a security hole in the base configuration/etc? I.e., the natd buffer overflow does not present a security risk (that I'm aware of) as it's not setugid, and when it does run with privilege only the caller can specify the arguments? Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1000501104321.11476C-100000>