From owner-freebsd-security Wed Feb 5 13:16:05 1997
From: Karl Denninger
Message-Id: <199702052115.PAA14224@Jupiter.Mcs.Net>
Subject: Re: PATCH for *ALL* FreeBSD Setlocale() problems - EVERYONE SHOULD READ THIS MESSAGE
To: tenser@spitfire.ecsel.psu.edu (Dan Cross)
Date: Wed, 5 Feb 1997 15:15:55 -0600 (CST)
Cc: karl@mcs.net, security@freebsd.org
In-Reply-To: <19970205210908.417.qmail@spitfire.ecsel.psu.edu> from "Dan Cross" at Feb 5, 97 04:09:08 pm

>
> > I will EXPECT that these will show up in the CVS tree within 48 hours
> > unless there are VERY good reasons expressed for them not being included.
> > I WILL be looking for them to appear.
>
> Well, for -current, they are somewhat unnecessary. I made a complete
> fool out of myself last night on freebsd-bugs, thus implicitly
> demonstrating this. :-)
>
> Remember, folks, not *all* calls to strcpy() are bad; sometimes range
> checking can be accomplished in non-intuitive ways. I expect that just
> back-porting the code from -current into 2.1 and 2.2 will be enough to
> solve the problem.
>
> However, if I am incorrect and you have an exploit that runs against
> -current, please let me know, as I would like to see where the error
> lies. However, I pored over the -current code last night, and while
> I agree that it needs a bath, I'm pretty certain that it's secure.
>
> Thanks!
>
> - Dan C.
>
> (...who's actually gotten some sleep now, and isn't so quick to make
> stupid mistakes in his trains of thought... :-)

No.

Try the exploit against an unpatched system's "at" program.

It dumps core, which means that you're vulnerable (the stack got blasted).

--
Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
                             | 99 Analog numbers, 77 ISDN, Web servers $75/mo
Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
Fax:   [+1 773 248-9865]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal