Full Disclosure mailing list archives
Re: SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow
From: "Larry W. Cashdollar" <lwc () vapid ath cx>
Date: Fri, 9 May 2003 12:31:55 -0400 (EDT)
Maybe a better response would have been to test/patch yourself? It's actually not worth it, catmail has about 9 strcpy()'s. That's not including the libraries it links too. Which are riddled with them... gcc -fwritable-strings -I/tmp/bleh -ggdb -O -o catmail catmail.o /tmp/bleh/lplib/liblplib.a /tmp/bleh/send/libsend.a /tmp/bleh/objects/libobjects.a /tmp/bleh/lputil/liblputil.a /tmp/bleh/port/liblpport.a -lnsl -lm -L/tmp/bleh/../../dbm -llpdb for starters: [root@mozzarella lplib]# grep -c strcpy *.c config_file.c:0 file_list.c:1 fio.c:0 lpalias.c:1 lpglobals.c:0 lprevdbm.c:0 misc.c:53 newmail.c:0 sender.c:26 signals.c:0 silp.c:8 [root@mozzarella lputil]# grep -c strcpy *.c lpconfig.c:0 lpcounter_file.c:0 lpdir.c:0 lperrmsg.c:0 lpexec.c:0 lpexit.c:0 lpfile.c:0 lpinit.c:1 lplock.c:0 lplog.c:1 lpmd5.c:0 lpregex.c:0 lpsetuid.c:0 lpsig.c:0 lpstring.c:0 lpsyslib.c:1 lptypes.c:0 mailrfc.c:0 md5c.c:0 plist.c:0 regerror.c:1 regex.c:4 regex_new.c:4 regexp.c:1 regsub.c:0 string_table.c:0 It's better to just move on to new software. On Fri, 9 May 2003, Shawn McMahon wrote:
Huh? They can't come up with a Linux box with enough HD space to store the source code? What, does the company use PCs in their school library to do all their Important Security Consultant Work? Never mind, I just looked at their website. Maybe they truly DON'T have any Linux or other UNIX boxes. -- Shawn McMahon | Let every nation know, whether it wishes us well or ill, EIV Consulting | that we shall pay any price, bear any burden, meet any UNIX and Linux | hardship, support any friend, oppose any foe, to assure http://www.eiv.com| the survival and the success of liberty. - JFK
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow KF (May 08)
- Re: SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow Shawn McMahon (May 09)
- Re: SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow KF (May 09)
- Re: SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow Shawn McMahon (May 09)
- Re: SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow Larry W. Cashdollar (May 09)
- Re: SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow KF (May 09)
- Re: SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow Shawn McMahon (May 09)