Date: Wed, 28 Aug 1996 12:34:47 +0930 (CST) From: newton@communica.com.au (Mark Newton) To: zach@blizzard.gaffaneys.com (Zach Heilig) Cc: gene@starkhome.cs.sunysb.edu, security@freebsd.org Subject: Re: Vulnerability in the Xt library (fwd) Message-ID: <9608280304.AA14763@communica.com.au> In-Reply-To: <87hgpqo50j.fsf@freebsd.gaffaneys.com> from "Zach Heilig" at Aug 26, 96 04:42:52 am
next in thread | previous in thread | raw e-mail | index | archive | help
Zach Heilig wrote: > What we need is a lint-like utility (better > than gcc) that can warn when it finds code like: > > { > int buf[somesize]; > > strcpy(buf, argv[1]); > } > > which is dangerous in all programs, it's just less dangerous than in > setuid ones. Ah, you mean like the strcpy(pathbuf, home) in tgetent() in termcap.c? Really, strcpy isn't all such a program would need to look for. There are many C library routines which perform no bounds checking (sprintf(), gets(), strcpy() to name a few) and, even worse, there are countless home-grown memory to memory copy routines which have been written in ignorance of the possible consequences of poor range checking and the assumption that if a buffer overflows the program will crash and it's the stupid user's own fault. Essentially, your rebadged "lint" would end up attempting to be a program which tests the "correctness" of code, and if you can write one of them then I suspect you'll end up richer than Bill Gates :-) When gcc started printing "This program uses gets(), which is probably unsafe" the first time a program called gets(), users yelled and screamed their complaints for months. Regardless, I believe the best way to deal with errors caused by buffer overflows in standard C-library routines is going to be to insert similar warning messages in those programs and make sure that programmers know that their programs will be ugly if they use 'em. - mark [ running off to find setuid executables linked against termcap... <grin> ] --- Mark Newton Email: newton@communica.com.au Systems Engineer Phone: +61-8-373-2523 Communica Systems WWW: http://www.communica.com.au
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9608280304.AA14763>