Date: Thu, 17 Mar 2005 21:37:15 -0800 From: Colin Percival <cperciva@freebsd.org> To: David Schultz <das@FreeBSD.ORG> Cc: freebsd-security@FreeBSD.ORG Subject: Re: no patch, is there a problem Message-ID: <423A690B.5010305@freebsd.org> In-Reply-To: <20050318052656.GA40243@VARK.MIT.EDU> References: <423A1842.4050603@open-networks.net> <423A19B2.7000602@freebsd.org> <20050318052656.GA40243@VARK.MIT.EDU>
next in thread | previous in thread | raw e-mail | index | archive | help
David Schultz wrote: > On Thu, Mar 17, 2005, Colin Percival wrote: >>We're not affected. The problem is in copyoutstr(), >>which doesn't exist in FreeBSD. > > It exists on FreeBSD/alpha because it was blindly copied from > NetBSD. However, we don't use it, and it appears to do proper > validation anyway. Heh. The problem was in Net/OpenBSD's implementations of copyoutstr() on i386 and amd64 only. > I'm not sure whether the bugtraq submitter is intentionally > spreading FUD or just lazy; the assertion that we do ``no > validation'' in copyout is patently false. I'm sure someone wrote "multiple BSDs" and someone else read that as including FreeBSD. The problem description was correct, for the affected systems -- the i386 and amd64 versions of copystrout() on OpenBSD and NetBSD did not do any validation of the target address. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?423A690B.5010305>