Date:      Thu, 13 Oct 2005 17:46:03 -0400
From:      Kris Kennaway <kris@obsecurity.org>
To:        Nate Eldredge <nge@cs.hmc.edu>
Cc:        freebsd-bugs@FreeBSD.org
Subject:   Re: gnu/45168: Buffer overflow in /usr/bin/dialog
Message-ID:  <20051013214603.GA8244@xor.obsecurity.org>
In-Reply-To: <200510132130.j9DLURLA071293@freefall.freebsd.org>
References:  <200510132130.j9DLURLA071293@freefall.freebsd.org>

On Thu, Oct 13, 2005 at 09:30:27PM +0000, Nate Eldredge wrote:
> The following reply was made to PR gnu/45168; it has been noted by GNATS.
>
> From: Nate Eldredge <nge@cs.hmc.edu>
> To: bug-followup@FreeBSD.org, saturnero@freesbie.org
> Cc: daveb@optusnet.com.au, freebsd-current@cs.hmc.edu
> Subject: Re: gnu/45168: Buffer overflow in /usr/bin/dialog
> Date: Thu, 13 Oct 2005 14:29:43 -0700 (PDT)
>
>  libdialog appears to be brimming with bugs of this sort.  Lots of uses of
>  strcpy / strcat.  It probably needs a complete audit.  Ideally there
>  should be no MAX_LEN and everything dynamically allocated.  I hope to god
>  it is never run by anything with elevated privileges.

void init_dialog(void)
{

  if (issetugid()) {
        errx(1, "libdialog is unsafe to use in setugid applications");
  }

Kris
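
Added example (not part of the original message and not libdialog code): one way to do the "no MAX_LEN, everything dynamically allocated" string handling suggested in the quoted reply, in place of strcpy / strcat into a fixed buffer. The names dstr, dstr_append and demo_join are hypothetical, chosen for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Growable string; hypothetical helper, not part of libdialog.
 * buf is NUL-terminated once non-NULL; len excludes the NUL. */
struct dstr { char *buf; size_t len, cap; };

/* Append src, growing the allocation as needed. Returns 0 on success,
 * -1 on size overflow or allocation failure (d is left unchanged). */
int dstr_append(struct dstr *d, const char *src)
{
    size_t n = strlen(src);
    if (n > SIZE_MAX - d->len - 1)        /* len + n + 1 would wrap */
        return -1;
    size_t need = d->len + n + 1;
    if (need > d->cap) {
        size_t ncap = d->cap ? d->cap : 64;
        while (ncap < need)
            ncap = (ncap > SIZE_MAX / 2) ? need : ncap * 2;
        char *p = realloc(d->buf, ncap);
        if (p == NULL)
            return -1;
        d->buf = p;
        d->cap = ncap;
    }
    memcpy(d->buf + d->len, src, n + 1);  /* copies the NUL too */
    d->len += n;
    return 0;
}

/* Constructed demo: join a fixed prefix and an n-byte argument, the kind of
 * input that overruns a fixed-size buffer filled with strcpy/strcat.
 * Returns the joined length, or 0 on failure. */
size_t demo_join(size_t n)
{
    struct dstr d = {0};
    size_t out = 0;
    char *arg = malloc(n + 1);
    if (arg == NULL)
        return 0;
    memset(arg, 'A', n);
    arg[n] = '\0';
    if (dstr_append(&d, "Title: ") == 0 && dstr_append(&d, arg) == 0)
        out = (strlen(d.buf) == d.len) ? d.len : 0;
    free(arg);
    free(d.buf);
    return out;
}
```

The buffer grows with the input, so an argument of any length is either stored whole or rejected with an error; nothing is written past the allocation.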