From owner-freebsd-hackers Sun Feb 9 17:38:57 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id RAA27219 for hackers-outgoing; Sun, 9 Feb 1997 17:38:57 -0800 (PST)
Received: from parkplace.cet.co.jp (parkplace.cet.co.jp [202.32.64.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA27212 for ; Sun, 9 Feb 1997 17:38:52 -0800 (PST)
Received: from localhost (michaelh@localhost) by parkplace.cet.co.jp (8.8.5/CET-v2.1) with SMTP id BAA19456; Mon, 10 Feb 1997 01:38:08 GMT
Date: Mon, 10 Feb 1997 10:38:07 +0900 (JST)
From: Michael Hancock
To: Alexander Snarskii
cc: freebsd-hackers@freebsd.org
Subject: Re: Increasing overall security....
In-Reply-To: <199702091525.RAA05048@burka.carrier.kiev.ua>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 9 Feb 1997, Alexander Snarskii wrote:

> I want to contribute patch to libc to make FreeBSD unexploitable
> with standard 'stack overflow' attacks.
>
> All I wanted, is to make my FreeBSD-based host as secure as possible.
> And I haven't found no such man as Theo de Raadt in FreeBSD project,
> so the source tree still contains some exploitable 'stack overflow'
> security holes. Most of which is based on using some 'insecure'
> functions like 'strcpy', 'sprintf' and so in setuid programs.

Look in the cvs logs for recent commits by imp, for example rlogind, rshd,
etc.

Mike Hancock