Date: Mon, 20 Jul 1998 17:28:51 -0600 From: Brett Glass <brett@lariat.org> To: Paul Hart <hart@iserver.com> Cc: security@FreeBSD.ORG Subject: Re: The 99,999-bug question: Why can you execute from the stack? Message-ID: <199807202328.RAA26899@lariat.lariat.org> In-Reply-To: <Pine.BSI.3.96.980720142915.6556A-100000@anchovy.orem.iserv er.com> References: <199807201732.LAA20377@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 02:57 PM 7/20/98 -0600, Paul Hart wrote: >I will not argue with the statement that C gives you the potential to hurt >yourself. It does. BUT, so do power tools, knives, and blunt objects. >These things can and should be used with care, but we shouldn't >necessarily get rid of them just because people can hurt themselves with >them. The world is a dangerous place, so be careful. My wood shop >teacher in junior high school made us all take a power tool safety course >before we could operate the shop's table saw. And I'll bet he would not have let you use a table saw without a blade guard, or with a broken blade. Nor would he let you rip wood on a radial arm saw, which can kick the work back in your face -- hard. Same thing with C. It's an old, rusty, broken tool without blade guards, and it's not well suited to purpose. Your old shop teacher wouldn't have let it in the shop. >Maybe programmers writing >software that runs as root should be just as careful. ...and boot C out of the shop. >Often times "being careful" just means rethinking your C coding style. >Instead of using strcpy(), use strncpy(). That's not too hard of change, >is it? Well, then why not boot strcpy() out of the library? Bzzzt.... Sorry, history (in other words, prior mistakes) is no excuse. Of course, because of pointer/array equivalence, this wouldn't BEGIN to close the holes. >As a simple example, your entire qpopper problem would have been >non-existent if the programmer would have used vsnprintf() instead of >vsprintf(). Funny what a difference a single character makes. One of the programmers in charge of maintaining that code wrote me as follows just yesterday: You are right about sprintf and vsprintf may cause the overflows. What I did in 2.5 is to contain the external values (mostly user generated) as a quick patch. I guess using those calls for internal data (where the size is known) is safe. In short, time to take the tool out of the shop. If it's even THERE, students unclear on the concept will kill themselves. >Consider Bugtraq and the other popular security mailing lists as required >reading. Absolutely. None of these holes would have taken you by >surprise if you had diligently read these lists. Not necessarily. An exploit can be used long before it hits the lists. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807202328.RAA26899>