Re: buffer overflow in /bin/gzip?

To: Anders Gjære <Anders@oslo.kvalito.no>, debian-security@lists.debian.org
Subject: Re: buffer overflow in /bin/gzip?
From: Ben Leslie <benno@sesgroup.net>
Date: Wed, 21 Nov 2001 10:23:32 +1100
Message-id: <[🔎] 20011121102331.E1003@lister.sesgroup.net>
Reply-to: benno@sesgroup.net
In-reply-to: <[🔎] 20011121001327.A9768@morinfr.org>
References: <[🔎] 010B55064719D511AEBD00500488036212F40C@sekunda5.oslo.kvalito.no> <[🔎] 20011121001327.A9768@morinfr.org>

On Wed, 21 Nov 2001, Guillaume Morin wrote:

> Dans un message du 20 nov à 23:33, Anders Gjære écrivait :
> >
> > in gzip.c
> > 
> > the line:
> > 	strcpy(nbuf,dir);
> > 
> > should maybe be replaced with:
> > 	strncpy(nbuf, dir,sizeof(nbuf));
> 
> gzip runs with user privileges, therefore this is not a security
> problem.
> 

That is extremely sill and short sighted. What happens if root runs
gzip, for example root unzipping a tar ball for some new software.

To say it runs at user privileges *does not* stop it being a security
problem.

Benno

Reply to:

References:
- buffer overflow in /bin/gzip?
  - From: Anders Gjære <Anders@oslo.kvalito.no>
- Re: buffer overflow in /bin/gzip?
  - From: Guillaume Morin <guillaume@morinfr.org>

Prev by Date: Re: buffer overflow in /bin/gzip?
Next by Date: Re: buffer overflow in /bin/gzip?
Previous by thread: Re: buffer overflow in /bin/gzip?
Next by thread: Re: buffer overflow in /bin/gzip?
Index(es):
- Date
- Thread