[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: radiusd-freeradius history and future

On Tue, Nov 11, 2003 at 02:02:49PM -0500, Matt Zimmerman wrote:
> On Tue, Nov 11, 2003 at 11:52:00AM -0600, Steve Langasek wrote:
> > The packages at <http://www.tbble.com/freeradius/> will be sponsored into
> > the archive as soon as I've had a chance to review them (this week).
> This thing is packed full of strcpy() and strcat(), which is the sort of
> sloppiness that I don't like to see in a network server.  It was a great
> blessing to find that we weren't shipping this in woody when the last batch
> of security problems was discovered.

> Have mercy...

Well, then don't use it. :-)

No, seriously, I'll put that on my TODO list. Mind you, we do some
rather heavy input validation and are particularly strict on the RADIUS
protocol, so I'm fairly confident that it's not going to be a problem.

I am however curious about this "last batch of security problems"? Can
you point me at that?

Paul "TBBle" Hampson, MCSE
6th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

This email is licensed to the recipient for non-commercial
use, duplication and distribution.

Attachment: signature.asc
Description: Digital signature

Reply to: