Date: Tue, 03 Nov 1998 23:06:52 -0700 From: Warner Losh <imp@village.org> To: Nicholas Charles Brawn <ncb05@uow.edu.au> Cc: FreeBSD-security@FreeBSD.ORG Subject: Re: [rootshell] Security Bulletin #25 (fwd) Message-ID: <199811040606.XAA26928@harmony.village.org> In-Reply-To: Your message of "Wed, 04 Nov 1998 16:29:40 %2B1100." <Pine.SOL.4.02A.9811041627410.24210-100000@banshee.cs.uow.edu.au> References: <Pine.SOL.4.02A.9811041627410.24210-100000@banshee.cs.uow.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.SOL.4.02A.9811041627410.24210-100000@banshee.cs.uow.edu.au> Nicholas Charles Brawn writes:
: find . -exec grep sprintf {} \; |wc -l
: And came up with 138 lines. Just having sprintf() in your code is not
True. If you look close at all of those, you will find that they are,
for the most part, bounds checked in the code. While that doesn't
pass the grep test, it does tend to make things more secure.
Warner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811040606.XAA26928>