Date: Tue, 2 May 2000 14:39:15 +0100
From: Joe Karthauser
To: Robert Watson
Cc: Mike Heffner, FreeBSD-audit
Subject: Re: three small patches - oflows
Message-ID: <20000502143915.G3433@pavilion.net>
References: <20000429141039.A48739@pavilion.net>

On Mon, May 01, 2000 at 10:44:54AM -0400, Robert Watson wrote:
>
> I noticed a bunch of commits go in labeled, ``fix buffer overflow'' -- any
> chance you could include a note indicating whether or not they represent a
> security hole in the base configuration/etc? I.e., the natd buffer
> overflow does not present a security risk (that I'm aware of) as it's not
> setugid, and when it does run with privilege only the caller can specify
> the arguments?

I'll do that in future commits, and when I MFC these later.

Joe