Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 28 Aug 1996 12:34:47 +0930 (CST)
From:      newton@communica.com.au (Mark Newton)
To:        zach@blizzard.gaffaneys.com (Zach Heilig)
Cc:        gene@starkhome.cs.sunysb.edu, security@freebsd.org
Subject:   Re: Vulnerability in the Xt library (fwd)
Message-ID:  <9608280304.AA14763@communica.com.au>
In-Reply-To: <87hgpqo50j.fsf@freebsd.gaffaneys.com> from "Zach Heilig" at Aug 26, 96 04:42:52 am
next in thread | previous in thread | raw e-mail | index | archive | help 
Zach Heilig wrote:
 
 > What we need is a lint-like utility (better
 > than gcc) that can warn when it finds code like:
 > 
 > {
 >   int buf[somesize];
 > 
 >   strcpy(buf, argv[1]);
 > }
 > 
 > which is dangerous in all programs, it's just less dangerous than in
 > setuid ones.

Ah, you mean like the strcpy(pathbuf, home) in tgetent() in termcap.c?

Really, strcpy isn't all such a program would need to look for.  There
are many C library routines which perform no bounds checking (sprintf(),
gets(), strcpy() to name a few) and, even worse, there are countless
home-grown memory to memory copy routines which have been written 
in ignorance of the possible consequences of poor range checking and
the assumption that if a buffer overflows the program will crash and
it's the stupid user's own fault.  Essentially, your rebadged "lint" would
end up attempting to be a program which tests the "correctness" of code,
and if you can write one of them then I suspect you'll end up richer than
Bill Gates :-)

When gcc started printing "This program uses gets(), which is probably
unsafe" the first time a program called gets(), users yelled and screamed
their complaints for months.  Regardless, I believe the best way to 
deal with errors caused by buffer overflows in standard C-library routines
is going to be to insert similar warning messages in those programs
and make sure that programmers know that their programs will be ugly
if they use 'em.

    - mark
      [ running off to find setuid executables linked against termcap...
        <grin> ]

---
Mark Newton                               Email: newton@communica.com.au
Systems Engineer                          Phone: +61-8-373-2523
Communica Systems                         WWW:   http://www.communica.com.au

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9608280304.AA14763>