From owner-freebsd-audit Tue Jun 5 4:59: 0 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from shade.nectar.com (gw.nectar.com [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8CEBE37B405; Tue, 5 Jun 2001 04:58:57 -0700 (PDT)
	(envelope-from nectar@nectar.com)
Received: (from nectar@localhost)
	by shade.nectar.com (8.11.3/8.11.3) id f55Bwqk31009;
	Tue, 5 Jun 2001 06:58:52 -0500 (CDT)
	(envelope-from nectar)
Date: Tue, 5 Jun 2001 06:58:52 -0500
From: "Jacques A. Vidrine"
To: freebsd-audit@freebsd.org
Cc: mikeh@freebsd.org
Subject: Re: Fwd: [$HOME buffer overflow in SunOS 5.8 x86]
Message-ID: <20010605065852.B30939@shade.nectar.com>
Mail-Followup-To: "Jacques A. Vidrine" , freebsd-audit@freebsd.org, mikeh@freebsd.org
References: <20010604185510.B47924@shade.nectar.com> <20010604191356.A48356@shade.nectar.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010604191356.A48356@shade.nectar.com>; from n@nectar.com on Mon, Jun 04, 2001 at 07:13:57PM -0500
X-Url: http://www.nectar.com/
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Mon, Jun 04, 2001 at 07:13:57PM -0500, Jacques A. Vidrine wrote:
> On Mon, Jun 04, 2001 at 06:55:11PM -0500, Jacques A. Vidrine wrote:
> > There are several other potential overflows (sprintf, strcpy), but
> > here is a patch for ones involving HOME. I don't think this
> > represents a security problem, though.
>
> Oops, forgot patch to extern.h. Here's the whole set again, with that
> leading.

I had a dream last night that someone already patched this, and more,
in -CURRENT over 2 months ago, and that I had even reviewed the changes
8-)

I don't know why I didn't check -CURRENT before doing a quick fix.

Mike, how about MFCing your mail commits?

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message