Bugtraq mailing list archives

Re: [linux-security] Re: Re: so-called snprintf() in db-1.85.4

From: tarreau () AEMIAIF LIP6 FR (Willy TARREAU)
Date: Thu, 10 Jul 1997 16:58:43 +0200

---------- Forwarded message ----------
Date: Wed, 9 Jul 1997 11:20:08 -0400 (EDT)
From: Illuminati Primus <vermont () gate net>
To: Hal DeVore <hdevore () bmc com>
Cc: Thomas Roessler <roessler () guug de>, linux-security () redhat com
Subject: [linux-security] Re: Re: so-called snprintf() in db-1.85.4

ldd /usr/sbin/sendmail
        libgdbm.so.1 => /lib/libgdbm.so.1
        libdb.so.1 => /usr/lib/libdb.so.1
        libc.so.5 => /lib/libc.so.5

Does this mean that the all occurences of snprintf in my sendmail are now
susceptible to overflows?  Or might the order of the links to the
libraries override libdb's snprintf with the libc version?  I am unsure
about how symbols are loaded from libraries...


Personnaly, I've patched my libdb.so.1 to rename sprintf() and snprintf()
so that I'm sure that no program will use them. As they are also defined
in libc.so, this should never cause any problem.

Willy
--
+---------------+------------------------+----------------------------------+
| Willy Tarreau | tarreau () aemiaif lip6 fr | http://www-miaif.lip6.fr/willy/ |
| Magistere d'Informatique Appliquee de l'Ile de France (MIAIF), promo 97   |
| DEA  A.S.I.M.E. |  Universite Pierre et Marie Curie (Paris 6), FRANCE     |
+-----------------+---------------------------------------------------------+

Current thread:

[linux-security] Re: Re: so-called snprintf() in db-1.85.4 Aleph One (Jul 10)
- Re: [linux-security] Re: Re: so-called snprintf() in db-1.85.4 Willy TARREAU (Jul 10)
- libdb snprintf under Digital Unix David Krinsky (Jul 10)
- GETADMIN 2 - THE SEQUEL Mark Joseph Edwards (Jul 10)