From owner-cvs-lib Fri Sep 15 09:15:04 1995
Return-Path: owner-cvs-lib
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id JAA18092 for cvs-lib-outgoing; Fri, 15 Sep 1995 09:15:04 -0700
Received: from jhome.DIALix.COM (root@jhome.DIALix.COM [192.203.228.69]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id JAA18028 ; Fri, 15 Sep 1995 09:14:44 -0700
Received: (from peter@localhost) by jhome.DIALix.COM (8.6.12/8.6.9) id AAA03634; Sat, 16 Sep 1995 00:14:24 +0800
Date: Sat, 16 Sep 1995 00:14:23 +0800 (WST)
From: Peter Wemm
To: Nate Williams
cc: CVS-commiters@freefall.freebsd.org, cvs-lib@freefall.freebsd.org
Subject: Re: cvs commit: src/lib/libc/gen syslog.c
In-Reply-To: <199509151558.JAA16368@rocky.sri.MT.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-lib@FreeBSD.org
Precedence: bulk

On Fri, 15 Sep 1995, Nate Williams wrote:

> Peter Wemm writes:
> > peter 95/09/15 06:53:41
> >
> > Modified: lib/libc/gen syslog.c
> > Log:
> > Fix security bugs with a "new approach", using stdio's powerful buffer
> > control hooks.
>
> Thanks for someone doing this. Even if it's not completely secure, it's
> gotta be better than the original version. Any chance of this getting
> into 2.1?

Let's let it settle for a couple of days of full scale acid testing
first... :-) (unless time is of the essence).

I personally think it's 100% bombproof from a security point of view, and
nobody's pointed out any holes in it of the people who've had this shoved
under their noses.. I guess a wider audience is certainly going to
prove/disprove it.. :-)

Paul Traina was worried that I was not null terminating the buffer being
transmitted, and was allowing null characters to be transmitted to
syslogd.. I feel that it's more syslogd's problem *if* it chokes on null
characters, because *anybody* can compile a program to transmit nulls to
syslogd either over /dev/log or via the internet...
My testing in that area suggests that syslogd simply truncates the line
being logged, which isn't exactly a crisis..

I think it does need to go into 2.1 sooner or later though, because since
we ship binaries, it is inevitable that somebody will calculate the magic
numbers for 2.0, 2.0.5, 2.1 etc sooner or later.

> Nate

Cheers,
-Peter