Date: Wed, 30 Aug 1995 04:11:41 +1000
From: Bruce Evans <bde@zeta.org.au>
To: jmb@kryten.Atinc.COM, security@freebsd.org
Subject: Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd)
Message-ID: <199508291811.EAA28657@godzilla.zeta.org.au>

>from a quick perusal of the syslog.c that we have in -stable, i'd say
>that FreeBSD is vulnerable to this attack. our syslog has fixed size
>buffers and uses sprintf to write to them. should be changed to
>snprintf--a quick perusal says that should do the trick

>shades of rtm

Anyone for execute-protected data by default if the machine can support
it? Programs that want to execute data should have to request it and
everything else would be more secure.

Bruce
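
The sprintf-to-snprintf change discussed in the message above, as an added example that is not part of the original e-mail and is not FreeBSD's syslog.c. The names build_log_line, bounded_append and LOG_BUF are hypothetical; the sketch shows a syslog-style line assembled in a fixed-size buffer with every write bounded and truncation reported instead of overrunning.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64   /* constructed size for the example */

/* Append formatted text at buf+used without writing past buf[size-1].
 * Returns the new used length, clamped to size-1 on truncation, and
 * sets *truncated when the output did not fit. Caller ensures size > 0. */
static size_t bounded_append(char *buf, size_t size, size_t used,
                             int *truncated, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (used >= size - 1) {          /* buffer already full */
        *truncated = 1;
        return size - 1;
    }
    va_start(ap, fmt);
    n = vsnprintf(buf + used, size - used, fmt, ap);
    va_end(ap);
    if (n < 0) {                     /* output error: keep what we had */
        buf[used] = '\0';
        return used;
    }
    if ((size_t)n >= size - used) {  /* n is the length that was needed */
        *truncated = 1;
        return size - 1;
    }
    return used + (size_t)n;
}

/* Build "<pri>tag: msg" in a fixed-size buffer; msg may be attacker-sized. */
size_t build_log_line(char *buf, size_t size, int pri, const char *tag,
                      const char *msg, int *truncated)
{
    size_t used = 0;

    *truncated = 0;
    if (size == 0) { *truncated = 1; return 0; }
    buf[0] = '\0';
    used = bounded_append(buf, size, used, truncated, "<%d>", pri);
    used = bounded_append(buf, size, used, truncated, "%s: ", tag);
    used = bounded_append(buf, size, used, truncated, "%s", msg);
    return used;
}
```

The return value of vsnprintf is the length the full output would have needed, so it must be compared against the remaining space before being added to the running offset.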
