Date: Fri, 09 Jun 2000 19:10:02 -0700
From: Andy Sparrow <andy@geek4food.org>
To: John Holland <john@zoner.org>
Cc: ports@FreeBSD.org, freebsd-ports@FreeBSD.ORG
Subject: Re: Hylafax security audit
Message-ID: <200006100210.TAA84367@mega.geek4food.org>
In-Reply-To: Your message of "Fri, 09 Jun 2000 10:54:22 EDT." <4.3.1.0.20000609101719.00ae4900@pop.mindspring.com>
-------- Your message dated: Fri, 09 Jun 2000 10:54:22 EDT

>Hylafax has been marked BROKEN/FORBIDDEN since 12/1/1999 due to a setuid
>uucp buffer overflow in faxalter. The fix for that overflow is trivial,
>but I noticed a number of other unchecked string copies in other
>portions of the code. I'd like to fix the buffer overflows so FreeBSD can
>have a secure port of Hylafax.

Cool.

>Is anyone else working on this?

I was going to start looking at porting 4.1b2 (and fixing some obvious
security stuff) this w/e. (4.1 mostly because of the libtiff interface
incompatibility issues with libtiff-3.5/hylafax-4.0. The patch to fix this
is against 4.1 and doesn't apply cleanly to 4.0.)

Unfortunately, I do have other interests and things to do generally, not
to mention that hylafax 4.0 works great for me on 3.4-STABLE once I sussed
the libtiff issue and built it against a tiff-3.4 lib, so this is kind of
a "be nice to do" priority.

>Is Hylafax doing anything about this?

Not as such, no. They seem to be concentrating mostly on adding better fax
support and such. I subscribed to their developer list recently and asked
if they would be amenable to reviewing/committing patches which addressed
these issues. There seemed to be interest. I think it's a person-power
problem, in that there are a few very active people developing.

>Are there any functions other than these which I should check?
>
>strcpy
>strcat
>getwd
>gets
>scanf
>fscanf
>vscanf
>realpath
>sprintf
>vsprintf

Heh, I'd like an answer to that too, or a pointer to the "Compleat C
Programmers Guide to defensively Programming in the Hacker Age" document I
haven't found yet... :-)

I understand that some functions that create temp files are safer than
others (e.g. mkstemp()), and there seems to be support in HylaFAX for
providing these functions for the older OSes that don't have 'em natively.

Cheers,

AS

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
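The unchecked-copy list and the mkstemp() point in the thread above, as an added example that is neither HylaFAX code nor either poster's: an unbounded strcpy/strcat path build of the kind the audit flags, beside a bounded snprintf() version that also validates its input, plus mkstemp() for temp files. The spool path and the numeric job-id format are assumed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
static char g_path[64], g_tmp[32];   /* buffers shared with the self-test */

/* BEFORE: the unchecked pattern the audit is hunting. A job id longer than
 * the destination overruns 'path'; in a setuid program that is a privilege
 * escalation. Kept only for contrast, never called. */
void build_job_path_unchecked(char *path, const char *jobid)
{
    strcpy(path, "/var/spool/fax/sendq/q"); /* hypothetical spool path */
    strcat(path, jobid);                     /* no length check at all */
}

/* AFTER: bounded formatting. snprintf() never writes past 'len' and returns
 * the length the full string needed, so a result >= len means truncation;
 * treat that as an error rather than using a mangled path. 0 ok, -1 rejected. */
int build_job_path(char *path, size_t len, const char *jobid)
{
    /* A job id is numeric; refuse anything else before it becomes a path. */
    if (*jobid == '\0' || strspn(jobid, "0123456789") != strlen(jobid))
        return -1;
    int n = snprintf(path, len, "/var/spool/fax/sendq/q%s", jobid);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Temp files: mkstemp() creates and opens the file in one step with O_EXCL,
 * so there is no window between name generation and open in which another
 * local user could plant a symlink (the mktemp()/tmpnam() race).
 * Returns the open descriptor and fills 'name', or -1 on failure. */
int open_temp(char *name, size_t len)
{
    const char tmpl[] = "/tmp/faxXXXXXX";   /* template must end in XXXXXX */
    if (sizeof tmpl > len)
        return -1;
    memcpy(name, tmpl, sizeof tmpl);
    return mkstemp(name);
}

int main(void)
{
    printf("ok:  %d %s\n", build_job_path(g_path, sizeof g_path, "123"), g_path);
    printf("bad: %d\n", build_job_path(g_path, sizeof g_path, "123;rm"));
    int fd = open_temp(g_tmp, sizeof g_tmp);
    printf("tmp: %s\n", fd >= 0 ? g_tmp : "failed");
    if (fd >= 0) { close(fd); unlink(g_tmp); }
    return 0;
}
```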