[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: netscape bug

To: [email protected]
Subject: Re: netscape bug
From: "Perry E. Metzger" <[email protected]>
Date: Sat, 23 Sep 1995 14:31:40 -0400
Cc: [email protected]
In-Reply-To: Your message of "Fri, 22 Sep 1995 17:03:21 PDT." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]


Tom Weinstein writes:
> In article <[email protected]>, "Perry E. Metzger" <[email protected]> 
writes:
> 
> > I can tell you in general terms -- I don't write MIPS assembler
> > myself. However, I will point out to you that you use an ancient
> > Sendmail, and that it uses syslog(3) on user produced data, and that
> > syslog uses a static buffer. Trick sendmail into logging something
> > very big, and you can do what you like. The 8lgm people wrote a demo
> > for Sparc as a proof of concept.
> 
> Hmm, after having looked at the syslogd code, it looks like this
> particular bug has been fixed for at least several years.

I said syslog(3), not syslogd(8).

The bug is in the client, not the server. Yes, you suffer from it. Go
and check.

> However, there sure are a hell of a lot of fixed size buffers being
> alocated off the stack and some of them are being used in unsafe
> ways.

Perry

References:
- Re: netscape bug
  - From: [email protected] (Tom Weinstein)

Prev by Date: Seattle Cypherpunks
Next by Date: Re: "Going after Netscape"
Prev by thread: Re: netscape bug
Next by thread: Re: netscape bug
Index(es):
- Date
- Thread