Date: Mon, 20 Aug 2001 04:29:45 -0700
From: Kris Kennaway
To: Akinori MUSHA
Cc: audit@FreeBSD.ORG, "Brian F. Feldman", Mike Barcroft, ports@FreeBSD.ORG
Subject: Re: adding -P option to pkg_delete(1)

On Thu, Aug 16, 2001 at 06:19:22PM +0900, Akinori MUSHA wrote:

> We'll have to audit the whole pkg_install code to eliminate possible
> buffer overflows.

Well, there are literally dozens or hundreds of those. You can almost
count the *safe* string operations in that code on one hand :-)

Kris