From owner-freebsd-audit Thu Sep 28 9:11:29 2000 Delivered-To: freebsd-audit@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E9A9237B42C; Thu, 28 Sep 2000 09:11:27 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id JAA97775; Thu, 28 Sep 2000 09:11:27 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Thu, 28 Sep 2000 09:11:27 -0700 (PDT) From: Kris Kennaway To: Dan Moschuk Cc: audit@FreeBSD.org Subject: Re: tcpdump security vulnerabilities In-Reply-To: <20000928103542.A38089@spirit.jaded.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 28 Sep 2000, Dan Moschuk wrote: > The patch seems fairly harmless, but remember that tcpdump is contrib > code and the patch should go the maintainers first. To increase the chance > of them accepting it, you may want to roll your own snprintf() routine for > the few remaining OSs that don't have it, or hint that they should do it > if they want their code to compile on older versions of Solaris. :) It was CC'ed to the tcpdump "patches submission" address. They use snprintf in the rest of the code, so I assume that it's taken care of. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message