Date: Wed, 4 Nov 1998 20:10:00 +1300 (NZDT) From: Andrew McNaughton <andrew@squiz.co.nz> To: Nicholas Charles Brawn <ncb05@uow.edu.au> Cc: Warner Losh <imp@village.org>, FreeBSD-security@FreeBSD.ORG Subject: Re: [rootshell] Security Bulletin #25 (fwd) Message-ID: <Pine.BSF.4.01.9811041946050.780-100000@aniwa.sky> In-Reply-To: <Pine.SOL.4.02A.9811041627410.24210-100000@banshee.cs.uow.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 4 Nov 1998, Nicholas Charles Brawn wrote:
> Well I just grabbed 1.2.26 and did:
> find . -exec grep sprintf {} \; |wc -l
>
> And came up with 138 lines. Just having sprintf() in your code is not
> indicative of a vulnerability, but it's still a high number.
ssh is commonly used for piping substantial ammounts of data, and can
probably claim good reasons for using the faster non-bounds-checking
routines in many of these cases. Doesn't apply to low volume things like
the logging routines though.
Andrew
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.01.9811041946050.780-100000>