From owner-freebsd-security  Tue Apr 21 04:20:15 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id EAA16578
          for freebsd-security-outgoing; Tue, 21 Apr 1998 04:20:15 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from kamna.eunet.cz (kamna.eunet.cz [193.85.255.30])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id LAA16112
          for <freebsd-security@FreeBSD.ORG>; Tue, 21 Apr 1998 11:17:03 GMT
          (envelope-from martin@eunet.cz)
Message-Id: <199804211117.LAA16112@hub.freebsd.org>
Received: (qmail 9721 invoked from network); 21 Apr 1998 11:16:20 -0000
Received: from woody.eunet.cz (HELO eunet.cz) (@193.85.255.60)
  by kamna.eunet.cz with SMTP; 21 Apr 1998 11:16:20 -0000
X-Mailer: exmh version 2.0.2 2/24/98
To: freebsd-security@FreeBSD.ORG
Subject: Re: Nasty security hole in "lprm" (fwd) 
In-reply-to: Your message of "Mon, 20 Apr 1998 13:57:42 EDT."
             <Pine.BSF.3.96.980420135732.20071A-100000@fledge.watson.org> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 21 Apr 1998 13:16:19 +0200
From: Martin Machacek <martin@eunet.cz>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

> 
> Do we got this one?
> 
> lprm -Psome_remote `perl -e 'print "a" x 2000'`
> Segmentation fault

Seems, that at least FreeBSD-3.0 is safe. I've tried it in tcsh, csh, bash 
an sh and I've got either:

<name_of_the_printserver>: lpd: Command line too long

or

Word too long.

The ultimate check is to look into code, of course ...
-- 
Martin Machacek
[Internet CZ, Zirovnicka 6/3133, 106 00 Prague 10, Czech Republic]
[phone: +420 2 71760337 fax: +420 2 24245125]
[PGP KeyID 00F9E4BD]



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message