From owner-freebsd-security Mon Feb 10 14:02:15 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA28167 for security-outgoing; Mon, 10 Feb 1997 14:02:15 -0800 (PST) Received: from www.trifecta.com (www.trifecta.com [206.245.150.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA28125 for ; Mon, 10 Feb 1997 14:01:17 -0800 (PST) Received: (from dev@localhost) by www.trifecta.com (8.7.5/8.6.12) id RAA07786; Mon, 10 Feb 1997 17:01:09 -0500 (EST) Date: Mon, 10 Feb 1997 17:01:09 -0500 (EST) From: Dev Chanchani To: "M.C Wong" cc: security@freebsd.org Subject: Re: Writing buffer overwrite on FreeBSD ? In-Reply-To: <199702101920.OAA24541@fabius.globecomm.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk M.C Wong, The code you are talking about deals with a buffer overflow in syslog. This overflow was fixed a long time ago in Freebsd and your system is probably not vulerable to that particlular overflow anymore. Dev Chanchani On Tue, 11 Feb 1997, M.C Wong wrote: > Dear Sir/Madam, > > With reference to http://www.l0pht.com/advisories/bufero.html, I wonder > if anyone manage to make 2nd cut of the program used in the tutorial > (syslog_test_2.c) throws out a SIGTRAP ? Similarly for the 3rd cut and > the final program which runs smoothly from begining to end and not > causing any error. Am I reading the codes wrongly ? > > I understand the code was originally written on BSDI system but thought > the similarity between it and FreeBSD should exhibit the same bahaviour > when executing the codes. Not! > > Have someone had any experience in writing similar buffer overun test > code that actually works on a FreeBSD box ? > > Appreciate sharing of such information if available. > > Regards, > > M.C Wong >