From owner-freebsd-security Tue Jul 21 00:38:51 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id AAA00889
    for freebsd-security-outgoing; Tue, 21 Jul 1998 00:38:51 -0700 (PDT)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (aniwa.actrix.gen.nz [203.96.56.186])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA00853
    for ; Tue, 21 Jul 1998 00:38:39 -0700 (PDT)
    (envelope-from andrew@squiz.co.nz)
Received: from localhost (andrew@localhost)
    by aniwa.sky (8.8.7/8.8.7) with SMTP id TAA10219;
    Tue, 21 Jul 1998 19:37:12 +1200 (NZST)
    (envelope-from andrew@squiz.co.nz)
Date: Tue, 21 Jul 1998 19:37:10 +1200 (NZST)
From: Andrew McNaughton
X-Sender: andrew@aniwa.sky
Reply-To: andrew@squiz.co.nz
To: Garance A Drosihn
cc: Paul Hart, Brett Glass, security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 20 Jul 1998, Garance A Drosihn wrote:

> At 2:57 PM -0600 7/20/98, Paul Hart wrote:
> >On Mon, 20 Jul 1998, Brett Glass wrote:
> >
> >> I would argue that the real problem is unsafe tools. C and its libraries
> >> have, from the start, been rusty, and unsafe, with no safeguards against
> >> cutting one's head off.
> >
> > Often times "being careful" just means rethinking your C coding style.
> > Instead of using strcpy(), use strncpy(). That's not too hard of a change,
> > is it? As a simple example, your entire qpopper problem would have been
> > non-existent if the programmer would have used vsnprintf() instead of
> > vsprintf(). Funny what a difference a single character makes.
>
> It is not a hard change. That, however, is no consolation to anyone
> nailed by this. The fact is that QPOPPER did use vsprintf, and that
> (apparently) no one noticed it. It wasn't *Brett's* coding style that
> will cause *Brett* to lose a few weeks of time here.
>
> Perhaps we could think up some changes which would make these bad
> coding decisions much more obvious. And if we do that, then maybe we
> catch more of them before getting bitten by them, instead of after the
> fact. I don't mean to be inflammatory here, I just wonder if there's
> some changes which could be made which would save "future Bretts" from
> losing a large chunk of time.

-- cut --
#!/bin/sh
# Report every installed binary whose strings output mentions vsprintf.
for i in /bin/* /usr/bin/* /usr/local/bin/*
do
    # Skip directories and unmatched globs; quote names with spaces.
    [ -f "$i" ] || continue
    strings "$i" | grep vsprintf | sed -e "s|^|$i: |"
done
-- cut --

Yikes.
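
An added example, not part of the original message and not qpopper's code: the vsprintf()-to-vsnprintf() and strcpy()-to-strncpy() changes discussed in the quoted text, written as two bounded helpers. The names format_reply and copy_field, the buffer sizes and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format a reply into a fixed-size buffer.
 * Returns 0 if the whole string fit, -1 if it was truncated or
 * formatting failed. dst is always NUL-terminated on return. */
int format_reply(char *dst, size_t dstlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstlen == 0)
        return -1;
    va_start(ap, fmt);
    /* vsprintf(dst, fmt, ap) would write as many bytes as the
     * arguments produce; vsnprintf() stops at dstlen - 1. */
    n = vsnprintf(dst, dstlen, fmt, ap);
    va_end(ap);
    if (n < 0) {            /* encoding or format error */
        dst[0] = '\0';
        return -1;
    }
    /* n is the length the full output needed; report truncation
     * so the caller can reject the request instead of using it. */
    return ((size_t)n < dstlen) ? 0 : -1;
}

/* Hypothetical helper: strncpy() alone leaves dst unterminated when
 * src is dstlen bytes or longer, so terminate explicitly. */
int copy_field(char *dst, size_t dstlen, const char *src)
{
    if (dst == NULL || src == NULL || dstlen == 0)
        return -1;
    strncpy(dst, src, dstlen - 1);
    dst[dstlen - 1] = '\0';
    return (strlen(src) < dstlen) ? 0 : -1;
}

int main(void)
{
    char buf[16];
    /* Constructed sample input, longer than the buffer. */
    const char *arg = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    int rc = format_reply(buf, sizeof buf, "-ERR %s", arg);
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

Both helpers return -1 on truncation rather than silently shortening the data, so the caller decides whether a clipped string is acceptable.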