Re: buffer overflow in /bin/gzip?
John Galt wrote:
>
> On Wed, 21 Nov 2001, Guillaume Morin wrote:
>
> >In a message of 20 Nov at 23:33, Anders Gjære wrote:
> >>
> >> in gzip.c
> >>
> >> the line:
> >> strcpy(nbuf,dir);
> >>
> >> should maybe be replaced with:
> >> strncpy(nbuf, dir,sizeof(nbuf));
> >
> >gzip runs with user privileges, therefore this is not a security
> >problem.
> >
>
> gzip is in vuln-dev for a buffer overflow in the argv handler. Debian is
> apparently invulnerable, but it's a good thing to do everything we can to
> figure out more bugs in the flavor-of-the-month exploit target before the
> black hats do.
I second this.
One thing I think is quite important is to get rid of calls to
routines that it is possible to buffer overflow. OpenBSD has a
"feature" in their version of gcc that will cause a compile time
error message telling you when one of the standard library
routines known to be overflowable is used. I'd love to see all
open source software put through that check. It doesn't need to
be an error output, but at least a warning would be good. At
this point it needs to be switchable and not mandatory. This is
due to the volume of code that would need to be changed.
--
| Bryan Andersen | bryan@visi.com | http://www.nerdvest.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| -Bryan Andersen |
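
An added example, not part of the thread and not gzip's code: it contrasts the strncpy(nbuf, dir, sizeof(nbuf)) replacement proposed above, which leaves nbuf without a terminating NUL when dir is as long as the buffer or longer, with a copy that checks the length first and rejects oversize input. NBUF_SIZE, the function names and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NBUF_SIZE 16   /* assumed size for illustration, not gzip's value */

/* The replacement proposed in the thread. The write is bounded, but when
 * strlen(src) >= size no NUL is stored. Returns 1 if dst ends up
 * terminated inside the buffer, 0 if it does not. */
int copy_strncpy_only(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) != NULL;
}

/* Checked copy: refuses input that does not fit instead of truncating.
 * Returns 0 on success, -1 if src is too long (dst is set to ""). */
int copy_checked(char *dst, size_t size, const char *src)
{
    size_t len;

    if (size == 0)
        return -1;
    len = strlen(src);
    if (len >= size) {          /* no room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);  /* copies the NUL as well */
    return 0;
}

int main(void)
{
    char nbuf[NBUF_SIZE];
    const char *short_dir = "/tmp/in";               /* constructed input */
    const char *long_dir  = "/tmp/aaaaaaaaaaaaaaaa"; /* constructed, too long */

    memset(nbuf, 'X', sizeof(nbuf));
    printf("strncpy, short: terminated=%d\n",
           copy_strncpy_only(nbuf, sizeof(nbuf), short_dir));
    memset(nbuf, 'X', sizeof(nbuf));
    printf("strncpy, long:  terminated=%d\n",
           copy_strncpy_only(nbuf, sizeof(nbuf), long_dir));
    printf("checked, long:  rc=%d\n",
           copy_checked(nbuf, sizeof(nbuf), long_dir));
    printf("checked, short: rc=%d nbuf=%s\n",
           copy_checked(nbuf, sizeof(nbuf), short_dir), nbuf);
    return 0;
}
```

Whether to reject or truncate an overlong path is a policy choice for the caller; the checked version makes the failure visible instead of handing later code an unterminated buffer.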