Bugtraq mailing list archives
Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: perry () piermont com (Perry E. Metzger)
Date: Tue, 29 Aug 1995 03:08:48 -0400
Mark Thomas writes:
If anyone comes up with diffs to SunOS syslog() source for those who have source access, or a replacement syslog.c routine to build into libc, please post.
I've already built patches for 4.4lite BSD derived systems, which I'll post in a little while after I've tested them better. Unfortunately, they require the use of snprintf, which is not standard on anything other than 4.4BSD. I can't think of any way to get around this -- you need to bounds check the sprintfs in syslog.c and the only way I know to do that is snprintf. I'll point out that this opens up a whole new wonderful set of holes that no one thought of before. Perry
Current thread:
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10, (continued)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Dave Roberts (Aug 29)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Vic Abell (Aug 30)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Scott Barman (Aug 25)
- Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Vic Abell (Aug 28)
- [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 [8LGM] Security Team (Aug 28)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Rob J. Nauta (Aug 29)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Jay 'Whip' Grizzard (Aug 29)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Perry E. Metzger (Aug 29)
- SunOS syslog.c replacement Matthew Donaldson (Aug 30)
- [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Mark Thomas (Aug 28)
- Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Perry E. Metzger (Aug 29)
- syslog() Mark A. Fullmer (Aug 29)