From owner-freebsd-security  Sun Nov  1 19:28:34 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA22594
          for freebsd-security-outgoing; Sun, 1 Nov 1998 19:28:34 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA22588
          for <freebsd-security@FreeBSD.ORG>; Sun, 1 Nov 1998 19:28:33 -0800 (PST)
          (envelope-from jkb@shell6.ba.best.com)
Received: (from jkb@localhost)
	by shell6.ba.best.com (8.9.0/8.9.0/best.sh) id TAA26673;
	Sun, 1 Nov 1998 19:27:25 -0800 (PST)
Message-ID: <19981101192724.A26335@best.com>
Date: Sun, 1 Nov 1998 19:27:24 -0800
From: "Jan B. Koum " <jkb@best.com>
To: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
Cc: freebsd-security@FreeBSD.ORG, winter@jurai.net
Subject: Re: SSH vsprintf patch. (You've been warned Mr. Glass)
References: <98Nov2.132551est.40330@border.alcanet.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <98Nov2.132551est.40330@border.alcanet.com.au>; from Peter Jeremy on Mon, Nov 02, 1998 at 01:26:18PM +1100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Nov 02, 1998 at 01:26:18PM +1100, Peter Jeremy <peter.jeremy@auss2.alcatel.com.au> wrote:
> "Matthew N. Dodd" <winter@jurai.net> wrote:
> >  At this point there isn't any reason not to go about fixing these
> >potential problems though.
> 
> ssh also contains a large number of sprintf() calls.  Not all of these
> are immediately innocuous.  There are also 2 sscanf() calls with %s
> formats which could be dangerous.  Not to mention the str[n]cat() and
> str[n]cpy() calls.  Unfortunately I have another bushfire to worry
> about right now, or I'd check through them as well.
> 
> The problem with C is that there are too many ways to shoot yourself
> in the foot...  A full security audit on ssh (which it sounds like it
> might need) would be fairly time-consuming.
> 
> Peter
> --
> Peter Jeremy (VK2PJ)                    peter.jeremy@alcatel.com.au
> Alcatel Australia Limited
> 41 Mandible St                          Phone: +61 2 9690 5019
> ALEXANDRIA  NSW  2015                   Fax:   +61 2 9690 5247
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

	Which is why when you install ssh, you can run ./configure with 
	"--disable-suid-ssh" argument.

-- Yan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message