Re: Security Advisory - Recent compromise of freefall.freebsd.org
From: Warner Losh <imp(at)village.org>
Date: Mon Feb 17 1997 - 22:17:25 EST
In message <199702171308.AAA26318@mirriwinni.cse.rmit.edu.au> Phillip
Musumeci writes:
I have seen tools that will do runtime closures on the data. Could this overflow, given where the data has been? Generally, one had to turn off these tests because they were too verbose for normal code. Which is to say generally normal code has lots of problems...

I've not seen any of these compiler extensions recently. I wonder what happened to them. Guardian I think was the name of the product. A cooler idea than purify, but not as effective at telling you when you corrupt the heap, stack or other parts of memory.

What is needed is some static flow analysis tool to point us at the hotspots that might overflow, and would ignore those cases that can't overflow (eg char buf[1024]; int i = rand(); sprintf( buf, "%d", i);)[*]

However, that will do nothing for the race conditions, the bad uses of mktemp, et al, the sloppy use of seteuid(), badly written setuid programs, etc.

Warner

[*] Before you object to newer, larger word machines, please consider that it would take ints with 1024 * ln(10)/ln(2) bits (about 3402) before you could even have a single character overflow.

Received on Mon Feb 17 19:17:42 1997
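
Added example, not part of the message above or of any tool it mentions: a minimal C sketch of the kind of static bound the message asks for, computing the worst-case output of a sprintf() format and reporting only the calls that cannot be proven to fit. The function names, the UNBOUNDED marker and the sample call sites are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define UNBOUNDED ((size_t)-1)

/* Worst-case characters "%d"/"%u" prints for an integer of `bits` bits:
 * decimal digits of the largest magnitude, plus a minus sign if signed.
 * 30103/100000 slightly overestimates log10(2), so this never undercounts. */
static size_t max_decimal_width(unsigned long bits, int is_signed)
{
    unsigned long value_bits = is_signed ? bits - 1 : bits;
    return (size_t)(value_bits * 30103UL / 100000UL) + 1 + (is_signed ? 1 : 0);
}

/* Upper bound on bytes sprintf(buf, fmt, ...) writes, NUL included, for
 * formats without width or precision. Returns UNBOUNDED for %s and for
 * anything this sketch does not model, so those calls stay reported. */
static size_t sprintf_bound(const char *fmt, unsigned long int_bits)
{
    size_t total = 1;                          /* terminating NUL */
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') { total++; continue; }
        switch (*++p) {
        case '%': case 'c': total += 1; break;
        case 'd': case 'i': total += max_decimal_width(int_bits, 1); break;
        case 'u': total += max_decimal_width(int_bits, 0); break;
        default:  return UNBOUNDED;            /* %s, flags, widths, stray '%' */
        }
    }
    return total;
}

/* 1 = report as a possible overflow, 0 = provably fits in bufsize bytes. */
static int is_hotspot(const char *fmt, size_t bufsize, unsigned long int_bits)
{
    size_t need = sprintf_bound(fmt, int_bits);
    return need == UNBOUNDED || need > bufsize;
}

int main(void)
{
    /* Constructed call sites: format string and destination buffer size. */
    static const struct { const char *fmt; size_t size; } sites[] = {
        { "%d", 1024 }, { "%d", 8 }, { "uid=%u gid=%u", 32 }, { "%s", 1024 },
    };
    for (size_t i = 0; i < sizeof sites / sizeof sites[0]; i++)
        printf("sprintf(buf[%lu], \"%s\"): %s\n", (unsigned long)sites[i].size,
               sites[i].fmt,
               is_hotspot(sites[i].fmt, sites[i].size, 32) ? "CHECK" : "ok");
    return 0;
}
```

With 32-bit ints, only the 8-byte "%d" destination and the "%s" call are reported; the 1024-byte "%d" case from the message is proven safe and stays silent.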