From owner-cvs-all Mon Mar 12 14:38:31 2001 Delivered-To: cvs-all@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-59.dsl.lsan03.pacbell.net [63.207.60.59]) by hub.freebsd.org (Postfix) with ESMTP id B80E337B718; Mon, 12 Mar 2001 14:38:24 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 71AFA66B6C; Mon, 12 Mar 2001 14:38:24 -0800 (PST) Date: Mon, 12 Mar 2001 14:38:24 -0800 From: Kris Kennaway To: Mikhail Teterin Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/net/scotty3 Makefile pkg-plist ports/net/scotty3/files patch-fixes scotty.c patch-ac patch-ad Message-ID: <20010312143824.B86831@mollari.cthul.hu> References: <200103121850.f2CIoYl73269@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="1UWUbFP1cBYEclgG" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200103121850.f2CIoYl73269@freefall.freebsd.org>; from mi@FreeBSD.org on Mon, Mar 12, 2001 at 10:50:34AM -0800 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --1UWUbFP1cBYEclgG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 12, 2001 at 10:50:34AM -0800, Mikhail Teterin wrote: > mi 2001/03/12 10:50:34 PST >=20 > Modified files: > net/scotty3 Makefile pkg-plist=20 > net/scotty3/files patch-ac patch-ad=20 > Added files: > net/scotty3/files patch-fixes scotty.c=20 > Log: > A number of changes and fixes: > . build with or without TK (triggered by the NO_X knob) > . build against TCL-8.3 -- with or without stubs > . fix some bugs in the core Scotty code -- most notably > a bug in the icmp-command implementation, where an off-by-one > error in the argument processing loop resulted in random > crashes; all this fixes are grouped into a single file > patch-fixes > . make scotty executable itself as small as it needs to be > =20 > Approved by: maintainer > =20 > Perhaps, some day the security officer will tell me what _exactly_ is > wrong with regular Scotty (this one is beta of the new version), and > I'll be able to freshen that one up too and remove the FORBIDDEN. Sorry, I don't recall you ever having asked. As I recall, there are a number of buffer overflows in command-line arguments of setugid programs: [-flag] `perl -e 'print "a"x5000'` Kris --1UWUbFP1cBYEclgG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6rU/gWry0BWjoQKURAjm4AKCv7OFViQ/P157MxTi72eqXT4m6dgCg5gct XoV1Hd23ugB7h/6+fT0r2RM= =iuX4 -----END PGP SIGNATURE----- --1UWUbFP1cBYEclgG-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message