From owner-freebsd-current Thu Aug 8 22:48:36 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id WAA12922 for current-outgoing; Thu, 8 Aug 1996 22:48:36 -0700 (PDT) Received: from apocalypse.superlink.net (root@apocalypse.superlink.net [205.246.27.150]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id WAA12917 for ; Thu, 8 Aug 1996 22:48:30 -0700 (PDT) Received: (from marxx@localhost) by apocalypse.superlink.net (8.7.5/8.7.3) id WAA02145; Thu, 8 Aug 1996 22:00:21 -0400 (EDT) Date: Thu, 8 Aug 1996 22:00:19 -0400 (EDT) From: "Charles C. Figueiredo" To: Ollivier Robert cc: FreeBSD-current users Subject: Re: exploitable security risk In-Reply-To: <199608090454.GAA00939@keltia.freenix.fr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Fri, 9 Aug 1996, Ollivier Robert wrote: > According to Warner Losh: > > You might want to look at the OpenBSD CVS tree. They have been fixing > > a whole boatload of "oflow" cases in the BSD sources. I don't know if > > all of them are exploitable security holes or not, but they are likely > > bugs and should likely be looked at. > > It is a pity Theo doesn't want to talk about precisely what he fixed. ONe > has to go digging in the CVS tree to find the fixes... > -- > Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr > FreeBSD keltia.freenix.fr 2.2-CURRENT #17: Fri Aug 2 20:40:17 MET DST 1996 > To my knowledge, Theo hasn't been the one mainly doing a lot of security patches, a few others I know have. As for finding assorted bugs like these and other types, I have scripts that run through the source tree and produce 50MB and bigger files of stuff that needs to be cleaned up. :) Charles ------------------------------------------------------------------------------ Charles C. Figueiredo CCF13 marxx@doomsday.org ------------------------------------------------------------------------------