|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: OpenBSD Security Advisory
From: Todd C. Miller (Todd.Miller
COURTESAN.COM)Date: Wed Oct 04 2000 - 12:31:23 CDT
- Next message: Greg KH: "Immunix OS Security Update for lpr"
- Previous message: Tim Yardley: "Re: OpenBSD Security Advisory"
- In reply to: K2: "Re: OpenBSD Security Advisory"
- Next in thread: Chris Evans: "talkd [WAS: Re: OpenBSD Security Advisory]"
- Reply: Todd C. Miller: "Re: OpenBSD Security Advisory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In message <39DADCB7.4E416D8Bktwo.ca>
so spake K2 (ktwo):
> Here is another exploit for an application (fstat) that
> OpenBSD's
> format string audit has seemingly forgotten about. What I would like to
> know is why this and a number of other privileged applications have
> security vulnerabilities in them. They WERE fixed, but NO ADVISORY nor
> ANY MENTION IN THEIR DAILY CHANGLOG! How can the impact of the
> vulnerability not be realized when they occur in something as privileged
> as that would be using pw_error()?
As one of the people who took part in the audit I can honestly say
that we didn't think they *were* exploitable. There was no intention
of hiding any fixes, we just went through the entire source tree
(we did not target privileged programs specifically) and fixed
format string problems where we found them and released patches for
those we knew to be exploitable (like xlock).
None of us are in the business of writing exploits--we just fix broken
code...
- todd
- Next message: Greg KH: "Immunix OS Security Update for lpr"
- Previous message: Tim Yardley: "Re: OpenBSD Security Advisory"
- In reply to: K2: "Re: OpenBSD Security Advisory"
- Next in thread: Chris Evans: "talkd [WAS: Re: OpenBSD Security Advisory]"
- Reply: Todd C. Miller: "Re: OpenBSD Security Advisory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]