Date: Fri, 1 Sep 1995 07:42:59 +0100 (BST) From: Karl Strickland <karl@bagpuss.demon.co.uk> To: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> Cc: peter@haywire.dialix.com, freebsd-security@freebsd.org, eric@cs.berkeley.edu Subject: Re: Eric Allman's syslog.c fixes Message-ID: <199509010643.HAA08351@bagpuss.demon.co.uk> In-Reply-To: <199508312137.OAA12750@gndrsh.aac.dev.com> from "Rodney W. Grimes" at Aug 31, 95 02:37:49 pm
next in thread | previous in thread | raw e-mail | index | archive | help
>
> >
> > Eric Allman is running a new syslog.c through the mill at the
> > moment. It'll be the one published in the RSN CERT advisory I presume.
> >
> > It's thought to be bomproof on 4.4BSD systems (it uses vsnprintf), and
> > the only holdup is portability to other OS's.
> >
> > I keep a pretty close eye on this area, as it's sendmail related. Is
> > it worth bringing in the currently 'endorsed' version, and updating it
> > to the CERT version if there are any changes later?
>
> Yes, that would give Eric additional test data and eyes looking at
> the solution.
I think that the fmt string should also be bounds checked - there is still
no bounds check on the copy from the user supplied fmt string into the
internal buffer. Having said that, Im not aware of anything that lets
the user mess with the fmt string, but I think it makes sense to fix it
at this point.
Other than that, it looks good to me -- I did a make world (yes i know
its extreme :)) with it and its been going without problems for > 24 hours..
--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD | Karl Strickland
PGP 2.3a Public Key Available. | Internet: karl@bagpuss.demon.co.uk
|
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509010643.HAA08351>