From owner-cvs-all  Tue Sep  4 12:33:51 2001
Delivered-To: cvs-all@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP
	id D0B5737B40B; Tue,  4 Sep 2001 12:33:40 -0700 (PDT)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.6/8.11.6) id f84JXOD34505;
	Tue, 4 Sep 2001 23:33:25 +0400 (MSD)
	(envelope-from ache)
Date: Tue, 4 Sep 2001 23:33:21 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Matt Dillon <dillon@earth.backplane.com>,
	Mark Peek <mark@whistle.com>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libc/stdlib strtol.3 strtol.c strtoll.c strtoq.c strtoul.3 strtoul.c strtoull.c strtouq.c
Message-ID: <20010904233320.A34429@nagual.pp.ru>
References: <200109041639.f84GdBm87501@freefall.freebsd.org> <20010904204454.A32114@nagual.pp.ru> <p05100307b7bab7186d08@[10.1.10.118]> <200109041705.f84H5W692572@earth.backplane.com> <20010904122843.A56085@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="LQksG6bCIzRHxTLp"
Content-Disposition: inline
In-Reply-To: <20010904122843.A56085@xor.obsecurity.org>
User-Agent: Mutt/1.3.21i
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


--LQksG6bCIzRHxTLp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Sep 04, 2001 at 12:28:43 -0700, Kris Kennaway wrote:
> Having rcsid[] visible in source files is very useful from my point of
> view in determining whether a binary is vulnerable to a security

There is no such strings in binary due to shared linkage in most cases.

> vulnerability.  If we have rcsids in everything (especially
> libraries), then it would be trivial to write scanning software which

For released versions library major is enough to determine functions
present there.

--=20
Andrey A. Chernov
http://ache.pp.ru/

--LQksG6bCIzRHxTLp
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia

iQCVAwUBO5UsgOJgpPLZnQjrAQE/+gQAoVvJ9T1PCx7xLpWobnF0hCTNfd/Nj/uG
8Rva0T7fs02mhbpyp4M758+vGUn8cxi/eg734WkeDSbIix3bwNDmdw039wzlaLRN
Wek43w/OU3s3fqfZtBJrbRsc3uP0UYDmWlqFy4iD4dmdxFRubc9tFDadNjZ1b6lz
arIS9G65vz0=
=K81O
-----END PGP SIGNATURE-----

--LQksG6bCIzRHxTLp--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message