Date: Sun, 29 May 2005 15:45:30 GMT From: "Simon L. Nielsen" <simon@FreeBSD.org> To: venglin@freebsd.lublin.pl, simon@FreeBSD.org, freebsd-bugs@FreeBSD.org, simon@FreeBSD.org Subject: Re: bin/80661: [patch] [SECURITY] Missing NULL termination after strncpy() in rlogin(1) Message-ID: <200505291545.j4TFjUQa057820@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
Synopsis: [patch] [SECURITY] Missing NULL termination after strncpy() in rlogin(1) State-Changed-From-To: open->feedback State-Changed-By: simon State-Changed-When: Sun May 29 15:33:56 GMT 2005 State-Changed-Why: We (the Security Team) can't find anywhere in the code-path where this bug where this could lead to a situation that could be exploited as a security vulnerability. You could crash rlogin, but not in a way which would cause it to execute arbitrary cod as root. Have you found any explicit place this bug could be exploited? In any case, I have committed the patch to RELENG_4 since not NUL terminating the buffer is certainly a bug, even it's not a security bug. Thanks for the report. I'm keeping the PR open in feedback state for now, since I would like to hear comments from Przemyslaw Frasunek before totally closing this issue. Responsible-Changed-From-To: freebsd-bugs->simon Responsible-Changed-By: simon Responsible-Changed-When: Sun May 29 15:33:56 GMT 2005 Responsible-Changed-Why: I will handle followups. http://www.freebsd.org/cgi/query-pr.cgi?pr=80661
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200505291545.j4TFjUQa057820>