Date: Wed, 24 Nov 1999 10:19:37 +1100
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
To: David O'Brien <obrien@FreeBSD.ORG>
Cc: current@FreeBSD.ORG
Subject: Re: FreeBSD security auditing project.
Message-ID: <99Nov24.101250est.40341@border.alcanet.com.au>
In-Reply-To: <19991123142626.D49964@dragon.nuxi.com>
References: <99Nov24.075703est.40331@border.alcanet.com.au> <Pine.BSF.4.21.9911231412030.46173-100000@hub.freebsd.org> <19991123142626.D49964@dragon.nuxi.com>

On 1999-Nov-24 09:26:26 +1100, David O'Brien wrote:
>> > A 'grep | wc' equivalent over the source tree gives:
>> >
>> > gets       110
>> > strcat    2860
>> > strcpy    4717
>> > strncat    167
>> > strncpy   1514
>> > sprintf   6839
>> > vsprintf   133
>>
>> *ouch* :-)
>
>This means nothing out of context. I hope we don't go on a witch hunt.

Agreed. I wasn't suggesting that all these occurrences are examples
of unsafe use. They just give an order-of-magnitude indication of
the number of places they are used.

That said, I'm not sure that going through the code and checking
every call to strcpy() (for example) is the right way to go about
things. It _is_ possible to use strcpy() safely, at the same time,
it is possible to use strlcpy() or snprintf() _unsafely_ (mainly
misinterpreting the return value when the result is larger than the
destination buffer). In any case, you still miss the case where
someone has implemented their own string copy function and is using
it incorrectly.

I believe the correct way is a line-by-line audit of all the code,
checking for the various security problems. One thing that would
help with this task is a list of code patterns that indicate security
problems. This list will make it easier for auditors (and will
expand over time). I suspect that a 'cvs diff' of the OpenBSD code
tree is the best starting point.

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?99Nov24.101250est.40341>
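
The return-value pitfall mentioned in the message above, as an added example that is not part of the original e-mail or of FreeBSD's code: snprintf() returns the length the complete output would have had, not the number of bytes stored, so using it directly as an offset goes wrong on truncation. The helper names `append_unchecked` and `append_checked`, the 8-byte buffer and the input string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe pattern: treats snprintf()'s return value as "bytes written".
 * On truncation the returned offset points past the end of the buffer. */
static size_t append_unchecked(char *buf, size_t size, size_t off, const char *s)
{
    int n = snprintf(buf + off, size - off, "%s", s);
    return off + (size_t)n;              /* may exceed size */
}

/* Checked pattern: reject encoding errors and truncation explicitly.
 * Returns 0 and advances *off on success, -1 if s did not fit. */
static int append_checked(char *buf, size_t size, size_t *off, const char *s)
{
    if (*off >= size)
        return -1;
    size_t room = size - *off;
    int n = snprintf(buf + *off, room, "%s", s);
    if (n < 0 || (size_t)n >= room) {
        buf[*off] = '\0';                /* undo the partial write */
        return -1;
    }
    *off += (size_t)n;
    return 0;
}

int main(void)
{
    char buf[8];
    const char *input = "0123456789";    /* constructed sample, 10 chars */

    size_t bad = append_unchecked(buf, sizeof buf, 0, input);
    printf("stored \"%s\" (%zu bytes), unchecked offset = %zu of %zu\n",
           buf, strlen(buf), bad, sizeof buf);
    /* A follow-up call using (buf + bad, sizeof buf - bad) would wrap the
     * size_t subtraction and write outside buf; it is not executed here. */

    size_t off = 0;
    int rc = append_checked(buf, sizeof buf, &off, input);
    printf("checked append returns %d, offset stays %zu\n", rc, off);
    return 0;
}
```

strlcpy() follows the same convention (it returns the length of the source string), so the same comparison against the destination size applies when auditing its callers.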