|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: no patch, is there a problem
From: David Schultz (das
FreeBSD.ORG)
Date: Thu Mar 17 2005 - 23:26:56 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Mar 17, 2005, Colin Percival wrote:
> Timothy Smith wrote:
> > http://www.securityfocus.com/bid/12825/info/
> >
> > no patch or anything, is there any action on this?
>
> We're not affected. The problem is in copyoutstr(),
> which doesn't exist in FreeBSD.
>
> I've sent an email to securityfocus advising them of
> this.
It exists on FreeBSD/alpha because it was blindly copied from
NetBSD. However, we don't use it, and it appears to do proper
validation anyway.
I'm not sure whether the bugtraq submitter is intentionally
spreading FUD or just lazy; the assertion that we do ``no
validation'' in copyout is patently false. It seems that someone
just copied a list of all FreeBSD CVS branches without actually
looking at the source or contacting securityfreebsd.org. Sigh.
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]