From: Chris Faulhaber
To: Mike Heffner
Cc: FreeBSD-audit
Subject: Re: Overflows in /usr/bin (halfway)
Date: Mon, 1 Jan 2001 13:00:50 -0500
Message-ID: <20010101130050.A17572@peitho.fxp.org>

On Mon, Jan 01, 2001 at 11:34:29AM -0500, Mike Heffner wrote:
> Hi,
>
> I ran my overflow testing program through the /usr/bin directory. It tests for
> command line and environment overflows. It only made it half way through, but
> it so far detected 16 binaries that overflowed (out of 239). I've posted
> the output (links below), anyone that's looking for something to do and has the
> time might want to look through the output.
>

Sounds like fuzz, but with env var support. Any chance of a port?

> http://my.ispchannel.com/~mheffner/freebsd/usr.bin.run-20001230-notemp.gz
> 53.7KB / 1,462.1 KB (compressed/uncompressed)
>

A summary of the findings would have been nice (1.5M of repetitious
data is, well, repetitious). The following is a list of the affected
programs:

doscmd
dnsquery
systat
rpcgen
ld
as
[Mm]ail
lam
jot
indent
hesinfo
gate-ftp
pftp
ftp

Many of these problems appear to be fixable with some simple bounds-checking.
I have patches to fix a few of these (which may or may not have been
submitted to -audit). See

http://www.fxp.org/jedgar/FreeBSD/patches/pending/

Additionally, I have been building a list of potential problem programs
to check/fix and will add these.

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org
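
Added example, not part of the original message and not taken from the patches it links to: a sketch in C of the kind of bounds-checking the reply refers to for command-line and environment input. The helper names copy_bounded and join_path, the 64-byte buffers and the ".examplerc" file name are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern behind this class of overflow:
 *     char buf[64]; strcpy(buf, argv[1]); strcat(buf, getenv("HOME")); */

/* Copy src into dst (dstsize bytes). Returns 0 on success, -1 if src is
 * NULL or does not fit. dst is always left NUL-terminated. */
static int copy_bounded(char *dst, size_t dstsize, const char *src)
{
	size_t len;
	if (dstsize == 0)
		return (-1);
	dst[0] = '\0';
	if (src == NULL || (len = strlen(src)) >= dstsize)
		return (-1);	/* reject rather than truncate silently */
	memcpy(dst, src, len + 1);
	return (0);
}

/* Build "<dir>/<file>" in dst. Returns -1 if dir is NULL (for example an
 * unset environment variable) or the result would not fit. */
static int join_path(char *dst, size_t dstsize, const char *dir,
    const char *file)
{
	int n;
	if (dstsize == 0)
		return (-1);
	dst[0] = '\0';
	if (dir == NULL || file == NULL)
		return (-1);
	n = snprintf(dst, dstsize, "%s/%s", dir, file);
	if (n < 0 || (size_t)n >= dstsize) {
		dst[0] = '\0';	/* do not hand back a truncated path */
		return (-1);
	}
	return (0);
}

int main(int argc, char **argv)
{
	char arg[64], path[64];	/* fixed-size buffers, as in the affected tools */

	if (argc < 2 || copy_bounded(arg, sizeof(arg), argv[1]) != 0 ||
	    join_path(path, sizeof(path), getenv("HOME"), ".examplerc") != 0)
		return (1);	/* over-long or missing input is an error */
	printf("%s %s\n", arg, path);
	return (0);
}
```

Both helpers fail closed: an over-long argument or variable produces an error return and an empty buffer instead of a silently truncated string.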