Date: Sun, 22 Nov 1998 12:20:00 -0800 (PST)
From: Alexander Viro <viro@math.psu.edu>
To: freebsd-bugs@FreeBSD.ORG
Subject: Re: bin/8790: [PATCH] Buffer overrun in nvi-1.79.
Message-ID: <199811222020.MAA23555@freefall.freebsd.org>

The following reply was made to PR bin/8790; it has been noted by GNATS.

From: Alexander Viro <viro@math.psu.edu>
To: David Greenman <dg@root.com>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/8790: [PATCH] Buffer overrun in nvi-1.79.
Date: Sun, 22 Nov 1998 15:13:38 -0500 (EST)

On Sat, 21 Nov 1998, David Greenman wrote:

> > Regex used in nvi is vulnerable to the following exploit:
    ^^^^^
>
>    I'm wondering what you mean by "exploitable buffer overrun"...? You make
> this sound like a security problem, but nvi isn't installed suid/sgid.

Erm... First of all, there is a 'secure' flag. IIRC it isn't supposed to be
removable. I'm _not_ saying that it has real security implications for vi
(albeit it is possible in really weird setups). But:

a) It is a bug (SIGSEGVing vi by searching for the right pattern isn't
   nice ;-/)
b) It is an exploitable bug in regex. And regex is used in suid beasts.
   Since GNU regex is GPLed... I suspect that Spencer's one is used in
   most cases.

So, yes, I'm afraid that it can be a security problem. If there is a regular
way to submit bug reports against things like regex (i.e. a piece of code
used in many packages) - my apologies for lack of clues ;-(

Al
#include <language_disclaimer.h>
--
There are no "civil aviation for dummies" books out there and most of you
would probably be scared and spend a lot of your time looking up if there
was one. :-)
                                        Jordan Hubbard in c.u.b.f.m