Bugtraq mailing list archives
FORW: Re: Format String Attacks
From: Dan Harkless <dan-bugtraq () DILVISH SPEED NET>
Date: Fri, 15 Sep 2000 01:51:40 -0700
Here are some interesting observations on this subject by someone who wished to remain nameless.

------- Forwarded Message
Hmm... I'm not sure if it can be fixed in libc, even if it's GNU libc.

Erm, the Linux vendors seem to think so...
Linux vendors can guarantee something for the utilities they ship. Suppose you are running Veritas Volume Manager on Solaris. Then you have /etc/vx/slib/libc.so.1 which is a libc copy made when VxVM was installed. I don't know what's the purpose, but it's there. Your libc patches don't affect that copy. I don't know if some utility uses it, but in case there is a setuid VxVM utility which uses it, you're vulnerable. Even if Sun puts a fix in /usr/lib/libc.so.1.

Then there is the question of static linking and executables built before libc patching. Some people seem to think that GNU gettext is superior to Solaris gettext, or that Solaris gettext doesn't work with free software. So they link GNU gettext statically. In those cases libc gettext() & friends will never be called.

I don't know where NLSPATH cleaning code resides. But I doubt it can be put in .init section, so there is a chance that something will be vulnerable. Etc. etc.

You already have a working system with god knows what installed. It's hard to guarantee that the whole system is not going to be vulnerable with a kludge in libc.so. Sun will fix Sun's utilities. Linux vendors have fixed theirs (supposedly). Anything else is your problem.

The only OS which wasn't affected was OpenBSD, because it's OpenBSD. :-)

------- End of Forwarded Message

----------------------------------------------------------------------
Dan Harkless                     | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net | do not mention this private email
SpeedGate Communications, Inc.   | address in Usenet posts.  Thank you.