Date: Fri, 29 Aug 1997 08:08:15 +0200
From: j@uriah.heep.sax.de (J Wunsch)
To: freebsd-hackers@FreeBSD.ORG
Subject: Re: A disturbing discovery
Message-ID: <19970829080815.WY53612@uriah.heep.sax.de>
In-Reply-To: <199708290315.FAA06905@bitbox.follo.net>; from Eivind Eklund on Aug 29, 1997 05:15:41 +0200
References: <Pine.GSO.3.96.970828223602.3963B-100000@echonyc.com> <199708290315.FAA06905@bitbox.follo.net>

As Eivind Eklund wrote:

> > When I made world the other day, it installed sperl4.036 -- isn't that
> > known to be insecure?
>
> Warner <imp@freebsd.org> fixed this, AFAIK.  It was unsecure, but
> nothing that is known to be insecure is shipped.

That's not quite right.  There was one more fix, and all FreeBSD
versions that have been shipped went out with a version with a buffer
overflow.  Try an overly long identifier (> 256 chars) to see the
problem.

2.2.5 will have this fix, of course.

--
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)