Date:      Tue, 29 Aug 1995 19:05:33 -0700 (PDT)
From:      "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
To:        bde@zeta.org.au (Bruce Evans)
Cc:        jmb@kryten.atinc.com, security@freebsd.org
Subject:   Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd)
Message-ID:  <199508300205.TAA05481@gndrsh.aac.dev.com>
In-Reply-To: <199508291811.EAA28657@godzilla.zeta.org.au> from "Bruce Evans" at Aug 30, 95 04:11:41 am

> 
> >from a quick perusal of the syslog.c that we have in -stable, i'd say
> >that FreeBSD is vulnerable to this attack.  our syslog has fixed size
> >buffers and uses sprintf to write to them.  should be changed to
> >snprintf--a quick perusal says that should do the trick
> 
> >shades of rtm
> 
> Anyone for execute-protected data by default if the machine can support
> it?  Programs that want to execute data should have to request it and
> everything else would be more secure.

Yes, good idea, wonder how many programs are going to sigbus on us
after you implement this :-).


-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                 Reliable computers for FreeBSD
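
The sprintf-to-snprintf change suggested in the quoted text, sketched as an added example that is not part of the original e-mail and is not FreeBSD's syslog.c. The names format_log_line and LOG_BUF_SIZE and the sample input are hypothetical, chosen to show that an overlong message is truncated instead of running past a fixed-size buffer.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64 /* constructed size, small so truncation is visible */

/* Hypothetical helper, not FreeBSD's syslog.c: format "<pri>tag: message" into
 * a fixed-size buffer. Returns 0 if it fit, 1 if truncated, -1 on error. */
int format_log_line(char *buf, size_t buflen, int pri, const char *tag,
                    const char *fmt, ...)
{
    va_list ap;
    int n, m;

    if (buf == NULL || buflen == 0)
        return -1;
    /* Header: snprintf writes at most buflen bytes, NUL included. */
    n = snprintf(buf, buflen, "<%d>%s: ", pri, tag);
    if (n < 0)
        return -1;
    if ((size_t)n >= buflen)
        return 1; /* header alone was cut short; buf is still terminated */

    /* Body: caller-supplied text is bounded by the space that remains. */
    va_start(ap, fmt);
    m = vsnprintf(buf + n, buflen - (size_t)n, fmt, ap);
    va_end(ap);
    if (m < 0)
        return -1;
    return ((size_t)m >= buflen - (size_t)n) ? 1 : 0;
}

/* Overlong constructed input, with guard bytes placed right after the buffer. */
int demo_overlong_message(void)
{
    struct { char line[LOG_BUF_SIZE]; char guard[8]; } s;
    char big[512];
    int rc;

    memset(s.guard, 'G', sizeof(s.guard));
    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    rc = format_log_line(s.line, sizeof(s.line), 13, "demo", "%s", big);
    /* Expect: truncated, terminated at the last byte, guard untouched. */
    return rc == 1 && strlen(s.line) == LOG_BUF_SIZE - 1 &&
           memcmp(s.guard, "GGGGGGGG", 8) == 0;
}

int main(void) { printf("bounded: %d\n", demo_overlong_message()); return 0; }
```

The return value matters as much as the bound: a caller that ignores truncation can still log a misleading, cut-off line.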


