From owner-freebsd-security Thu Sep 7 15:21:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from xerxes.courtesan.com (64-6-178-150.den1.phoenixdsl.net [64.6.178.150]) by hub.freebsd.org (Postfix) with ESMTP id 1C7B637B422; Thu, 7 Sep 2000 15:21:07 -0700 (PDT)
Received: from xerxes.courtesan.com (millert@localhost) by xerxes.courtesan.com (8.10.1/8.10.1) with ESMTP id e87MKnj06972; Thu, 7 Sep 2000 16:20:49 -0600 (MDT)
Message-Id: <200009072220.e87MKnj06972@xerxes.courtesan.com>
To: Kris Kennaway
Cc: "Todd C. Miller", "Vladimir Mencl, MK, susSED", "Andrey A. Chernov", Warner Losh, freebsd-security@FreeBSD.org, security-officer@FreeBSD.org
Subject: Re: UNIX locale format string vulnerability (fwd)
In-reply-to: Your message of "Thu, 07 Sep 2000 15:20:08 PDT."
References:
Date: Thu, 07 Sep 2000 16:20:49 -0600
From: "Todd C. Miller"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message so spake Kris Kennaway (kris):

> IMO, sudo (and all other similar "limited privilege" programs) needs to
> take a positive filtering approach: disallow all variables by default,
> except for those on a defined list of allowed variables for that
> application.

Yes, there's really no other way to win the 'battle' if you will.

 - todd
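One way to implement the positive-filtering approach Kris describes above, as an added C example that is not part of the original thread and is not sudo's own code. The allowlist contents, the function names and the sample environment are assumptions made for illustration; a real program would derive its list from the application's actual needs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allowlist of environment variables a privileged program passes through.
 * Assumption for this example only; it is not sudo's actual policy. */
static const char *const allowed_vars[] = {
    "PATH", "HOME", "TERM", "USER", "LOGNAME", NULL
};

/* Return 1 if a "NAME=value" entry names an allowed variable, 0 otherwise.
 * The name is compared in full, so "PATHX" does not match "PATH".
 * Entries without '=' are malformed and are dropped as well. */
int env_entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)
        return 0;
    size_t namelen = (size_t)(eq - entry);
    for (const char *const *p = allowed_vars; *p != NULL; p++) {
        if (strlen(*p) == namelen && strncmp(*p, entry, namelen) == 0)
            return 1;
    }
    return 0;
}

/* Build a new NULL-terminated environment holding only allowed entries.
 * Everything not on the list is dropped by default. Entries are not
 * copied; the caller frees only the returned array. */
char **filter_environment(char *const *envp)
{
    size_t n = 0, k = 0;
    while (envp[n] != NULL)
        n++;
    char **out = calloc(n + 1, sizeof *out);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (env_entry_allowed(envp[i]))
            out[k++] = envp[i];
    }
    out[k] = NULL;
    return out;
}

/* Constructed sample environment: allowed variables mixed with ones a
 * privileged program has no reason to inherit from its caller. */
static char *const sample_env[] = {
    "PATH=/usr/bin:/bin",
    "LC_ALL=xx_YY.untrusted",
    "HOME=/home/alice",
    "LD_PRELOAD=/tmp/untrusted.so",
    "TERM=xterm",
    "MALFORMED_NO_EQUALS",
    NULL
};

/* Run the sample through the filter and return how many entries survive. */
size_t demo_filtered_count(void)
{
    char **env = filter_environment(sample_env);
    if (env == NULL)
        return 0;
    size_t k = 0;
    while (env[k] != NULL)
        k++;
    free(env);
    return k;
}

int main(void)
{
    char **env = filter_environment(sample_env);
    if (env == NULL)
        return 1;
    for (size_t i = 0; env[i] != NULL; i++)
        printf("kept: %s\n", env[i]);
    free(env);
    return 0;
}
```

Run stand-alone, the program prints only the PATH, HOME and TERM entries; the locale and loader variables in the sample never reach the privileged code path, which is the point of starting from "deny everything" rather than maintaining a list of known-bad names.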