From owner-freebsd-security  Thu Aug 31 14:38:29 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id OAA25889
          for security-outgoing; Thu, 31 Aug 1995 14:38:29 -0700
Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id OAA25883
          for <freebsd-security@freebsd.org>; Thu, 31 Aug 1995 14:38:27 -0700
Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id OAA12750; Thu, 31 Aug 1995 14:37:49 -0700
From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
Message-Id: <199508312137.OAA12750@gndrsh.aac.dev.com>
Subject: Re: Eric Allman's syslog.c fixes
To: peter@haywire.dialix.com (Peter Wemm)
Date: Thu, 31 Aug 1995 14:37:49 -0700 (PDT)
Cc: freebsd-security@freebsd.org
In-Reply-To: <42548i$agm$1@haywire.DIALix.COM> from "Peter Wemm" at Sep 1, 95 03:58:10 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 703       
Sender: security-owner@freebsd.org
Precedence: bulk

> 
> Eric Allman is running a new syslog.c through the mill at the
> moment. It'll be the one published in the RSN CERT advisory I presume.
> 
> It's thought to be bomproof on 4.4BSD systems (it uses vsnprintf), and
> the only holdup is portability to other OS's.
> 
> I keep a pretty close eye on this area, as it's sendmail related.  Is
> it worth bringing in the currently 'endorsed' version, and updating it
> to the CERT version if there are any changes later?

Yes, that would give Eric additional test data and eyes looking at
the solution.

-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                 Reliable computers for FreeBSD