Date: Thu, 10 Aug 2000 13:22:49 -0700 (PDT)
From: Kelly Yancey <kbyanc@posi.net>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: audit@FreeBSD.org
Subject: Re: Update to patch(1)
Message-ID: <Pine.BSF.4.21.0008101315120.24057-100000@gateway.posi.net>
In-Reply-To: <Pine.BSF.4.21.0008090018280.84210-100000@freefall.freebsd.org>

On Wed, 9 Aug 2000, Kris Kennaway wrote:

> > > * system() is insecure - there's no point in making all the string
> > > operations buffer-safe if you go and pass a user string to system() :-)
> >
> > I can only assume that the original OpenBSD patches were more for
> > consistency's sake. It can't hurt, though. :)
>
> Well, there's more to auditing than just making things buffer-safe,
> although sometimes the other problems are overlooked. I can only assume
> that happened here..
>

No problem. How does a fork/exec combo sound to you instead? That way it
never gets to the shell. I don't see any other alternative.

> > Hmm. That is a good point and an interesting dilemma: without making some
> > fairly intrusive changes I can't use mkstemp() + unlink(). So which is the
> > lesser evil: the existing use of mktemp or risking leaving tempfiles with
> > mkstemp()?
>
> Could you do something evil like making a global variable for the file
> descriptor so you don't have to pass it around through function calls?
>

Yeah, that fell into my definition of intrusive (a number of functions take
pathnames as arguments which will have to go away or be replaced with
descriptor arguments). Frankly, that is fine with me, I was more concerned
that someone might object to making such major modifications to a contrib'ed
source (albeit only technically contrib'ed). But if there is no objection,
I'll take the axe to it. :)

Kelly

--
Kelly Yancey - kbyanc@posi.net - Belmont, CA
System Administrator, eGroups.com http://www.egroups.com/
Maintainer, BSD Driver Database http://www.posi.net/freebsd/drivers/
Coordinator, Team FreeBSD http://www.posi.net/freebsd/Team-FreeBSD/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
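
The fork/exec replacement for system() discussed in this message, as an added example that is not part of the original e-mail and is not code from patch(1). The helper name run_argv() and the sample file name are hypothetical; it assumes a POSIX system with test(1) on the PATH.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

/*
 * run_argv() is a hypothetical helper, not a function from patch(1).
 * Returns the child's exit status (0-255), or -1 if the child could not
 * be created or was terminated by a signal.
 */
int
run_argv(char *const argv[])
{
	pid_t pid;
	int status;

	pid = fork();
	if (pid == -1)
		return (-1);
	if (pid == 0) {
		/* Child: each argv[] element reaches the program verbatim. */
		execvp(argv[0], argv);
		_exit(127);	/* exec failed; same convention as sh(1) */
	}
	/* Parent: wait for this child, retrying if a signal interrupts us. */
	while (waitpid(pid, &status, 0) == -1) {
		if (errno != EINTR)
			return (-1);
	}
	return (WIFEXITED(status) ? WEXITSTATUS(status) : -1);
}

/* Constructed sample input: a file name containing shell metacharacters. */
static char hostile_name[] = "/nonexistent; exit 7";

int
check_hostile_name(void)
{
	/*
	 * test(1) receives the whole string as one operand, finds no such
	 * file and exits 1. The same string handed to system() would be
	 * split at ';' by the shell and the exit status would be 7.
	 */
	char *const argv[] = { "test", "-e", hostile_name, NULL };

	return (run_argv(argv));
}
```
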