Date: Wed, 30 Aug 1995 04:11:41 +1000
From: Bruce Evans <bde@zeta.org.au>
To: jmb@kryten.Atinc.COM, security@freebsd.org
Subject: Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd)
Message-ID: <199508291811.EAA28657@godzilla.zeta.org.au>

>from a quick perusal of the syslog.c that we have in -stable, i'd say
>that FreeBSD is vulnerable to this attack. our syslog has fixed size
>buffers and uses sprintf to write to them. should be changed to
>snprintf--a quick perusal says that should do the trick

>shades of rtm

Anyone for execute-protected data by default if the machine can support
it? Programs that want to execute data should have to request it and
everything else would be more secure.

Bruce
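The sprintf-to-snprintf change suggested in the quoted text, shown as an added example; it is not part of the original message and is not FreeBSD's syslog.c. The helper name `format_log_line`, the `<pri>tag: message` layout and the 64-byte buffer size are assumptions chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOGBUF_SIZE 64   /* constructed size, small so truncation is easy to see */

/* Pattern the quoted text describes, kept as a comment for comparison only:
 *     char buf[LOGBUF_SIZE];
 *     sprintf(buf, "<%d>%s: ", pri, tag);
 *     vsprintf(buf + strlen(buf), fmt, ap);  // length decided by caller's data
 */

/* Hypothetical helper: format "<pri>tag: message" into buf (bufsize bytes).
 * Returns bytes stored, excluding the NUL, or -1 on bad arguments or a
 * formatting error. *truncated is set to 1 when the output did not fit. */
int format_log_line(char *buf, size_t bufsize, int *truncated,
                    int pri, const char *tag, const char *fmt, ...)
{
    va_list ap;
    size_t used;
    int n;

    if (!buf || bufsize == 0 || !truncated || !tag || !fmt)
        return -1;
    *truncated = 0;

    /* snprintf writes at most bufsize bytes including the NUL and returns
     * the length it would have needed, so n >= bufsize means truncation. */
    n = snprintf(buf, bufsize, "<%d>%s: ", pri, tag);
    if (n < 0) { buf[0] = '\0'; return -1; }
    if ((size_t)n >= bufsize) { *truncated = 1; return (int)(bufsize - 1); }
    used = (size_t)n;

    /* Bound the message body by the space that is actually left. */
    va_start(ap, fmt);
    n = vsnprintf(buf + used, bufsize - used, fmt, ap);
    va_end(ap);
    if (n < 0) { buf[used] = '\0'; return -1; }
    if ((size_t)n >= bufsize - used) { *truncated = 1; return (int)(bufsize - 1); }
    return (int)(used + (size_t)n);
}

int main(void)
{
    char buf[LOGBUF_SIZE], big[200];
    int cut, n;

    memset(big, 'A', sizeof big - 1);   /* constructed oversized input */
    big[sizeof big - 1] = '\0';
    n = format_log_line(buf, sizeof buf, &cut, 13, "demo", "%s", big);
    printf("stored=%d truncated=%d\n", n, cut);
    return 0;
}
```

Bounding the write only stops the overflow; a caller that must not lose log data still has to act on the truncation flag.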