Bugtraq mailing list archives
Re: EMERGENCY: new remote root exploit in UW imapd
From: andre () PIPELINE CH (IBS / Andre Oppermann)
Date: Wed, 22 Jul 1998 00:46:00 +0200
Kragen wrote:
> On Sat, 18 Jul 1998, Niall Smart wrote:
> > The problem, as the original poster says, is that exercising option 3 is currently too difficult. The ANSI C string handling functions are simply error prone. With this in mind I began about a month ago on a project to create a string handling library which makes buffer management significantly easier, while still maintaining an acceptable level of efficiency and supporting common C programming idioms. There are other interfaces, such as file access, which are also error prone to a degree, which I am also looking at. I haven't had the time to spend as much time on this project as I would have liked, but I should get it released before the end of the summer, at which time I'll post an announcement here. The code will be under a BSD style copyright.
>
> Dan Bernstein, who wrote qmail, has already done all of this. He might be persuaded to let others use his library under a BSD-style copyright. qmail uses no standard C library functions, other than syscalls, if I remember correctly.

That is true, but he hasn't documented it very well; in fact you have to look through and follow the function to see what it really does. One interesting thing his string functions are doing is to put everything into a structure (string.s and string.len) and terminate it with 'Z'. If you get the 'Z' somewhere in your output you've done something wrong... You have to code specifically for this, so it's not a choice of use this or that lib... but we have done some heavy hacking to qmail to integrate LDAP and the nice 'Z' has been *very* useful to track coding errors down.

--
Andre Oppermann
CEO / Geschaeftsfuehrer
Internet Business Solutions Ltd. (AG)
Hardstrasse 235, 8005 Zurich, Switzerland
Fon +41 1 277 75 75 / Fax +41 1 277 75 77
http://www.pipeline.ch
ibs () pipeline ch
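
The convention described in this message, as an added C example that is not part of the original post and is not qmail's code: a length-counted string that writes a 'Z' guard byte just past the data, so a caller that forgets the explicit terminator sees a stray Z in its output. The names `sbuf`, `sbuf_ready`, `sbuf_catb` and `sbuf_0` and the sample value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {         /* hypothetical type for this example, not qmail's definition */
    char  *s;            /* data bytes, no implicit NUL terminator */
    size_t len;          /* bytes in use */
    size_t cap;          /* bytes allocated */
} sbuf;

/* Make room for n data bytes plus one guard byte. Returns 1 on success, 0 on failure. */
static int sbuf_ready(sbuf *b, size_t n)
{
    if (n < b->cap) return 1;              /* n data bytes + 1 guard already fit */
    if (n > SIZE_MAX / 2) return 0;        /* refuse sizes whose growth could wrap */
    size_t cap = n + n / 8 + 32;
    char *p = calloc(1, cap);              /* zero fill only to keep the demo deterministic */
    if (!p) return 0;
    if (b->len) memcpy(p, b->s, b->len);
    free(b->s);
    b->s = p;
    b->cap = cap;
    return 1;
}

/* Append n bytes, then write the guard byte just past the data. */
static int sbuf_catb(sbuf *b, const char *src, size_t n)
{
    if (n > SIZE_MAX - b->len) return 0;   /* len + n would overflow */
    if (!sbuf_ready(b, b->len + n)) return 0;
    if (n) memcpy(b->s + b->len, src, n);
    b->len += n;
    b->s[b->len] = 'Z';                    /* guard byte, not counted in len */
    return 1;
}

/* Explicit NUL: the terminator becomes a counted data byte. */
static int sbuf_0(sbuf *b) { return sbuf_catb(b, "", 1); }

int main(void)
{
    sbuf b = {0};
    if (!sbuf_catb(&b, "uid=andre", 9)) return 1;    /* constructed sample value */
    printf("without sbuf_0: \"%s\"\n", b.s);         /* caller bug: guard byte shows up */
    if (!sbuf_0(&b)) return 1;
    printf("after sbuf_0:   \"%s\"\n", b.s);
    free(b.s);
    return 0;
}
```
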