From owner-freebsd-security  Tue Aug 29 19:07:08 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id TAA03526
          for security-outgoing; Tue, 29 Aug 1995 19:07:08 -0700
Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id TAA03514
          for <security@freebsd.org>; Tue, 29 Aug 1995 19:06:50 -0700
Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id TAA05481; Tue, 29 Aug 1995 19:05:33 -0700
From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
Message-Id: <199508300205.TAA05481@gndrsh.aac.dev.com>
Subject: Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd)
To: bde@zeta.org.au (Bruce Evans)
Date: Tue, 29 Aug 1995 19:05:33 -0700 (PDT)
Cc: jmb@kryten.atinc.com, security@freebsd.org
In-Reply-To: <199508291811.EAA28657@godzilla.zeta.org.au> from "Bruce Evans" at Aug 30, 95 04:11:41 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 741       
Sender: security-owner@freebsd.org
Precedence: bulk

> 
> >from a quick persual of the syslog.c that we have in -stable, i'd say 
> >that FreeBSD is vunerable to this attack.  our syslog has fixed size 
> >buffers and uses sprintf to write to them.  should be changed to 
> >snprintf--a quick persual says that should do the trick
> 
> >shades of rtm
> 
> Anyone for execute-protected data by default if the machine can support
> it?  Programs that want to execute data should have to request it and
> everything else would be more secure.

Yes, good idea, wonder how many programs are going to sigbus on us
after you implement this :-).


-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                 Reliable computers for FreeBSD