Bugtraq mailing list archives

Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

From: perry () piermont com (Perry E. Metzger)
Date: Tue, 29 Aug 1995 03:08:48 -0400


Mark Thomas writes:

If anyone comes up with diffs to SunOS syslog() source for those
who have source access, or a replacement syslog.c routine to build into
libc, please post.


I've already built patches for 4.4lite BSD derived systems, which I'll
post in a little while after I've tested them better. Unfortunately,
they require the use of snprintf, which is not standard on anything
other than 4.4BSD. I can't think of any way to get around this -- you
need to bounds check the sprintfs in syslog.c and the only way I know
to do that is snprintf.

I'll point out that this opens up a whole new wonderful set of holes
that no one thought of before.

Perry

Current thread:

Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10, (continued)
- - - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Dave Roberts (Aug 29)
    - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Vic Abell (Aug 30)
  - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Scott Barman (Aug 25)
    - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Vic Abell (Aug 28)
  - [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 [8LGM] Security Team (Aug 28)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Rob J. Nauta (Aug 29)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Jay 'Whip' Grizzard (Aug 29)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Perry E. Metzger (Aug 29)
    - SunOS syslog.c replacement Matthew Donaldson (Aug 30)
  - [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Mark Thomas (Aug 28)
    - Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Perry E. Metzger (Aug 29)
    - syslog() Mark A. Fullmer (Aug 29)