
Re: buffer overflow in /bin/gzip?



John Galt wrote:
> 
> On Wed, 21 Nov 2001, Guillaume Morin wrote:
> 
> >In a message of 20 Nov at 23:33, Anders Gjære wrote:
> >>
> >> in gzip.c
> >>
> >> the line:
> >>      strcpy(nbuf,dir);
> >>
> >> should maybe be replaced with:
> >>      strncpy(nbuf, dir,sizeof(nbuf));
> >
> >gzip runs with user privileges, therefore this is not a security
> >problem.
> >
> 
> gzip is in vuln-dev for a buffer overflow in the argv handler.  Debian is
> apparently invulnerable, but it's a good thing to do everything we can to
> figure out more bugs in the flavor-of-the-month exploit target before the
> black hats do.

I second this.  

One thing I think is quite important is to get rid of calls to 
routines that it is possible to buffer overflow.  OpenBSD has a 
"feature" in their version of gcc that will cause a compile time 
error message telling you when one of the standard library 
routines known to be overflowable is used.  I'd love to see all 
open source software put through that check.  It doesn't need to 
be an error output, but at least a warning would be good.  At 
this point it needs to be switchable and not mandatory.  This is 
due to the volume of code that would need to be changed.


-- 
|  Bryan Andersen   |   bryan@visi.com   |   http://www.nerdvest.com   |
| Buzzwords are like annoying little flies that deserve to be swatted. |
|   -Bryan Andersen                                                    |
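
An added example, not part of the original thread and not gzip's own code: the `strncpy(nbuf, dir, sizeof(nbuf))` replacement quoted above bounds the copy, but `strncpy` writes no terminating NUL when `dir` is as long as the buffer or longer, so the sketch below shows that case next to a checked copy that rejects over-long names. `NBUF_SIZE` and both function names are assumptions made for illustration; the thread does not show the real size of `nbuf`.

```c
#include <stdio.h>
#include <string.h>

#define NBUF_SIZE 16   /* assumed size; the real nbuf size is not shown in the thread */

/* The replacement quoted in the thread. Returns 1 if nbuf holds a NUL
 * after the copy, 0 if it was left unterminated. */
int strncpy_is_terminated(const char *dir)
{
    char nbuf[NBUF_SIZE];

    memset(nbuf, 'X', sizeof(nbuf));      /* stand-in for stale stack contents */
    strncpy(nbuf, dir, sizeof(nbuf));     /* bounded, but may not terminate */
    return memchr(nbuf, '\0', sizeof(nbuf)) != NULL;
}

/* Checked copy: refuse a name that does not fit instead of truncating it.
 * Returns 0 on success, -1 if dir (plus its NUL) exceeds size. */
int copy_dir_checked(char *nbuf, size_t size, const char *dir)
{
    size_t len = strlen(dir);

    if (size == 0 || len >= size) {
        if (size > 0)
            nbuf[0] = '\0';               /* leave a valid empty string behind */
        return -1;
    }
    memcpy(nbuf, dir, len + 1);           /* len + 1 copies the NUL as well */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one exactly NBUF_SIZE long. */
    const char *samples[] = { "short", "0123456789abcdef" };
    char nbuf[NBUF_SIZE];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-18s strncpy terminated: %d  checked copy: %d\n",
               samples[i],
               strncpy_is_terminated(samples[i]),
               copy_dir_checked(nbuf, sizeof(nbuf), samples[i]));
    }
    return 0;
}
```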


