Date: Sun, 14 Jul 1996 10:22:32 -0700 From: Paul Traina <pst@shockwave.com> To: Wolfram Schneider <wosch@cs.tu-berlin.de> Cc: Nate Williams <nate@freefall.freebsd.org>, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrbin@freefall.freebsd.org Subject: Re: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c Message-ID: <199607141722.KAA07409@precipice.shockwave.com> In-Reply-To: Your message of "Sun, 14 Jul 1996 16:02:17 %2B0200." <199607141402.QAA00547@campa.panke.de>
next in thread | previous in thread | raw e-mail | index | archive | help
That's way over-board. The only case where sprintf can get you into trouble is if you're sprintfing tainted variables (to steal a perl term) into a stack buffer. From: Wolfram Schneider <wosch@cs.tu-berlin.de> Subject: cvs commit: src/usr.bin/rdist defs.h docmd.c expand.c lookup.c serv >>er.c Nate Williams writes: >nate 96/07/11 21:00:17 > > Modified: usr.bin/rdist defs.h docmd.c expand.c lookup.c server.c > Log: > Changed all sprintf() calls to snprintf(). > > Obtained from: Christos Zoulas <christos@deshaw.com> via NetBSD PR 262 >>1, > > [ slightly modified since we don't use libcompat anymore. ] > > I'm not sure if this fixes the rdist security bug completely, but it > sure can't hurt! Should we disable sprintf() for sgid/suid programs? find /bin /usr/bin /sbin /usr/sbin /usr/libexec -perm -u+s \ -o -perm -g+s |xargs egrep -l sprintf | wc -l 47
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607141722.KAA07409>