Date: Thu, 17 Mar 2005 21:37:15 -0800
From: Colin Percival <cperciva@freebsd.org>
To: David Schultz <das@FreeBSD.ORG>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: no patch, is there a problem
Message-ID: <423A690B.5010305@freebsd.org>
In-Reply-To: <20050318052656.GA40243@VARK.MIT.EDU>
References: <423A1842.4050603@open-networks.net> <423A19B2.7000602@freebsd.org> <20050318052656.GA40243@VARK.MIT.EDU>

David Schultz wrote:
> On Thu, Mar 17, 2005, Colin Percival wrote:
>>We're not affected.  The problem is in copyoutstr(),
>>which doesn't exist in FreeBSD.
>
> It exists on FreeBSD/alpha because it was blindly copied from
> NetBSD.  However, we don't use it, and it appears to do proper
> validation anyway.

Heh.  The problem was in Net/OpenBSD's implementations of
copyoutstr() on i386 and amd64 only.

> I'm not sure whether the bugtraq submitter is intentionally
> spreading FUD or just lazy; the assertion that we do ``no
> validation'' in copyout is patently false.

I'm sure someone wrote "multiple BSDs" and someone else read that
as including FreeBSD.  The problem description was correct, for
the affected systems -- the i386 and amd64 versions of copystrout()
on OpenBSD and NetBSD did not do any validation of the target address.

Colin Percival
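The target-address validation discussed in the message above, as an added example that is not part of the original e-mail or of any BSD kernel source: a userland C model of a copyoutstr()-style routine that checks every destination byte against the user-space limit. The flat `mem` array, `USER_LIMIT`, and the `model_copyoutstr` and `kernel_region_intact` names are assumptions made for this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for this model only: addresses are offsets into a flat
 * array, and everything at or above USER_LIMIT stands in for kernel memory. */
#define MEM_SIZE   64u
#define USER_LIMIT 32u

static unsigned char mem[MEM_SIZE];

/* Copy a NUL-terminated kernel string to an untrusted user address.
 * Returns 0, EFAULT (destination leaves user space) or ENAMETOOLONG
 * (no NUL within maxlen). *done receives the bytes written, NUL included. */
int model_copyoutstr(const char *kstr, uintptr_t uaddr, size_t maxlen, size_t *done)
{
    size_t i = 0;
    int error = ENAMETOOLONG;

    while (i < maxlen) {
        /* Validate the destination before each store. The subtraction
         * form cannot wrap the way "uaddr + i < USER_LIMIT" could. */
        if (uaddr >= USER_LIMIT || i >= USER_LIMIT - uaddr) {
            error = EFAULT;
            break;
        }
        mem[uaddr + i] = (unsigned char)kstr[i];
        i++;
        if (kstr[i - 1] == '\0') {
            error = 0;
            break;
        }
    }
    if (done != NULL)
        *done = i;
    return error;
}

/* 1 if no byte of the modelled kernel region was modified, else 0. */
int kernel_region_intact(void)
{
    for (size_t a = USER_LIMIT; a < MEM_SIZE; a++)
        if (mem[a] != 0)
            return 0;
    return 1;
}

int main(void)
{
    size_t n = 0;
    /* Constructed input: a string that would cross the user/kernel boundary. */
    int e = model_copyoutstr("abcdef", 30, 16, &n);
    printf("error=%d copied=%zu kernel_intact=%d\n", e, n, kernel_region_intact());
    return 0;
}
```
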
