Re: Bug#27050 (fdutils): A cause for security concern?

To: Wichert Akkerman <wakkerma@cs.leidenuniv.nl>
Cc: debian-devel@lists.debian.org
Subject: Re: Bug#27050 (fdutils): A cause for security concern?
From: John Hasler <john@dhh.gt.org>
Date: 21 Jan 1999 10:39:30 -0600
Message-id: <[🔎] 87emoooa0t.fsf@hasler.dhh>
In-reply-to: Wichert Akkerman's message of "Thu, 21 Jan 1999 15:11:54 +0100"
References: <[🔎] Pine.A41.3.96.990119141915.52336A-100000@gpu5.srv.ualberta.ca> <[🔎] 19990119164337.B6726@visi.net> <[🔎] 19990119171601.C15042@worldvisions.ca> <[🔎] 19990120141859.A3200@sacrifice> <[🔎] 87lniyps8k.fsf@hasler.dhh> <[🔎] 19990120175736.B6715@worldvisions.ca> <[🔎] 87sod5o4ha.fsf@hasler.dhh> <[🔎] 19990121021927.C2907@cs.leidenuniv.nl> <[🔎] 87k8yhnxh5.fsf@hasler.dhh> <[🔎] 19990121151154.A30235@cs.leidenuniv.nl>

I wrote:
> I looked around in the code a bit more and found a few dubious looking
> sprintf's.  What else should I look for?  I already checked for 'system'
> and 'execve'.

Wichert Akkerman writes:
> Please do so.

Please do *what*?  

As I noted, there are no calls to system or its ilk.  I know how to fix the
sprintf's.  My plan now is to analyze the path followed by strings from
input to consumption.  The control port is protected by a password: I'll
look for holes in the password checking.

What else?
-- 
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI

Reply to:

Follow-Ups:
- Re: Bug#27050 (fdutils): A cause for security concern?
  - From: Wichert Akkerman <wakkerma@cs.leidenuniv.nl>

References:
- Bug#27050 (fdutils): A cause for security concern?
  - From: Anthony Fok <foka@ualberta.ca>
- Re: Bug#27050 (fdutils): A cause for security concern?
  - From: Ben Collins <bmc@visi.net>
- Re: Bug#27050 (fdutils): A cause for security concern?
  - From: Avery Pennarun <apenwarr@worldvisions.ca>
- Re: Bug#27050 (fdutils): A cause for security concern?
  - From: Robert Donn <squirk@ihug.co.nz>
- Re: Bug#27050 (fdutils): A cause for security concern?
  - From: John Hasler <john@dhh.gt.org>
- Re: Bug#27050 (fdutils): A cause for security concern?
  - From: Avery Pennarun <apenwarr@worldvisions.ca>
- Re: Bug#27050 (fdutils): A cause for security concern?
  - From: John Hasler <john@dhh.gt.org>
- Re: Bug#27050 (fdutils): A cause for security concern?
  - From: Wichert Akkerman <wakkerma@cs.leidenuniv.nl>
- Re: Bug#27050 (fdutils): A cause for security concern?
  - From: John Hasler <john@dhh.gt.org>
- Re: Bug#27050 (fdutils): A cause for security concern?
  - From: Wichert Akkerman <wakkerma@cs.leidenuniv.nl>

Prev by Date: Re: LSB?
Next by Date: Re: New DFSG Draft revision #3
Previous by thread: Re: Bug#27050 (fdutils): A cause for security concern?
Next by thread: Re: Bug#27050 (fdutils): A cause for security concern?
Index(es):
- Date
- Thread