From owner-freebsd-bugs Sun Nov 22 12:19:56 1998
Return-Path:
Received: (from majordom@localhost)
	by hub.freebsd.org (8.8.8/8.8.8) id MAA08880
	for freebsd-bugs-outgoing; Sun, 22 Nov 1998 12:19:56 -0800 (PST)
	(envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA08875
	for ; Sun, 22 Nov 1998 12:19:55 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.8.8/8.8.5) id MAA23555;
	Sun, 22 Nov 1998 12:20:00 -0800 (PST)
Date: Sun, 22 Nov 1998 12:20:00 -0800 (PST)
Message-Id: <199811222020.MAA23555@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.ORG
From: Alexander Viro
Subject: Re: bin/8790: [PATCH] Buffer overrun in nvi-1.79.
Reply-To: Alexander Viro
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/8790; it has been noted by GNATS.

From: Alexander Viro
To: David Greenman
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/8790: [PATCH] Buffer overrun in nvi-1.79.
Date: Sun, 22 Nov 1998 15:13:38 -0500 (EST)

 On Sat, 21 Nov 1998, David Greenman wrote:

 > > Regex used in nvi is vulnerable to the following exploit:
 >                                                       ^^^^^
 >
 > I'm wondering what you mean by "exploitable buffer overrun"...? You make
 > this sound like a security problem, but nvi isn't installed suid/sgid.

 Erm... First of all, there is a 'secure' flag. IIRC it isn't supposed to be
 removable. I'm _not_ saying that it has real security implications for vi
 (albeit it is possible in really weird setups). But:

 a) It is a bug (SIGSEGVing vi by searching for the right pattern isn't
    nice ;-/)
 b) It is an exploitable bug in regex. And regex is used in suid beasts.
    Since GNU regex is GPLed... I suspect that Spencer's one is used in
    most cases.

 So, yes, I'm afraid that it can be a security problem. If there is a
 regular way to submit bug reports against things like regex (i.e. a piece
 of code used in many packages) - my apologies for lack of clues ;-(

								Al
 #include
 --
 There are no "civil aviation for dummies" books out there and most of you
 would probably be scared and spend a lot of your time looking up if there
 was one. :-)
		Jordan Hubbard in c.u.b.f.m