Bugtraq mailing list archives
Re: [linux-security] Re: Re: so-called snprintf() in db-1.85.4
From: tarreau () AEMIAIF LIP6 FR (Willy TARREAU)
Date: Thu, 10 Jul 1997 16:58:43 +0200
---------- Forwarded message ----------
Date: Wed, 9 Jul 1997 11:20:08 -0400 (EDT)
From: Illuminati Primus <vermont () gate net>
To: Hal DeVore <hdevore () bmc com>
Cc: Thomas Roessler <roessler () guug de>, linux-security () redhat com
Subject: [linux-security] Re: Re: so-called snprintf() in db-1.85.4

ldd /usr/sbin/sendmail
        libgdbm.so.1 => /lib/libgdbm.so.1
        libdb.so.1 => /usr/lib/libdb.so.1
        libc.so.5 => /lib/libc.so.5

Does this mean that all occurrences of snprintf in my sendmail are now
susceptible to overflows? Or might the order of the links to the libraries
override libdb's snprintf with the libc version? I am unsure about how
symbols are loaded from libraries...

Personally, I've patched my libdb.so.1 to rename sprintf() and snprintf() so
that I'm sure that no program will use them. As they are also defined in
libc.so, this should never cause any problem.

Willy

--
+---------------+------------------------+----------------------------------+
| Willy Tarreau | tarreau () aemiaif lip6 fr | http://www-miaif.lip6.fr/willy/ |
| Magistere d'Informatique Appliquee de l'Ile de France (MIAIF), promo 97 |
| DEA A.S.I.M.E. | Universite Pierre et Marie Curie (Paris 6), FRANCE |
+-----------------+---------------------------------------------------------+
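
An added example, not part of the thread: a runtime probe that answers the forwarded question for whichever snprintf() a process actually resolved, assuming the concern is an snprintf() that does not enforce its size argument. The names snprintf_respects_bound and snprintf_probe are hypothetical; link it with the same libraries, in the same order, as the binary being checked.

```c
#include <stdio.h>
#include <string.h>

#define PROBE_BUF 64     /* real size of the scratch buffer */
#define SENTINEL  0x5A   /* fill byte used to spot stray writes */

/* Returns 1 if the snprintf() this process resolved kept its output within
 * n bytes and terminated it, 0 otherwise. The scratch buffer is larger than
 * the input, so an implementation that ignores n is detected without any
 * write landing outside the array. */
int snprintf_respects_bound(size_t n, const char *input)
{
    char buf[PROBE_BUF];
    size_t len = strlen(input), i;

    if (n > PROBE_BUF || len >= PROBE_BUF)
        return 0;                      /* refuse inputs that could leave buf */

    memset(buf, SENTINEL, sizeof buf);
    snprintf(buf, n, "%s", input);

    for (i = n; i < PROBE_BUF; i++)    /* nothing at or past n may change */
        if ((unsigned char)buf[i] != SENTINEL)
            return 0;
    if (n > 0 && buf[len < n ? len : n - 1] != '\0')
        return 0;                      /* output must be NUL-terminated */
    return 1;
}

/* Probe several bounds, including the 0 and 1 edge cases. */
int snprintf_probe(void)
{
    /* constructed sample input, 42 characters */
    const char *input = "constructed-sample-input-longer-than-bound";
    const size_t sizes[] = { 0, 1, 8, 16, PROBE_BUF };
    size_t i;

    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        if (!snprintf_respects_bound(sizes[i], input))
            return 0;
    return 1;
}

int main(void)
{
    puts(snprintf_probe() ? "snprintf honours its size argument"
                          : "snprintf ignores its size argument");
    return 0;
}
```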