Bugtraq mailing list archives
Re: libresolv+ bug
From: coxa () cableol net (Alan Cox)
Date: Mon, 19 Aug 1996 09:18:41 +0100
Reading restricted file is not that much of a problem as long as you keep the contents of the files secret, i.e., don't print "root:<pw>:::": parse error at line 1. Validate your input (for $TZ and $TERMINFO/$TERMCAP, validating input is pretty easy, $TZ and $TERM* will only reveal information if it happens to be in the right format)
In the case of resolv, user resolv files should only be read if they are accessible as that user. This means going through all the usual mess because the designers of Unix didn't anticipate the fact that open(...., O_ASRUID) would have been useful. Then fix the buffer overruns, then we might get somewhere.

Alan
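The "usual mess" for reading a user-named file only with that user's rights, as an added example that is not part of the original post: a set-uid program switches its effective ids to the real ids around the open() and checks the result with fstat(). The helper name `open_as_real_user` is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` read-only with the real (invoking)
 * user's rights. Returns an fd, or -1 with errno set. */
int open_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd = -1, err = 0;

    /* Drop group before user: an unprivileged euid cannot change egid.
     * The saved set-ids allow switching back afterwards. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0) {
        err = errno;
    } else {
        /* The kernel checks permissions at open() time as the real user,
         * so there is no access()-then-open() race window.
         * O_NONBLOCK keeps a FIFO from hanging the caller. */
        fd = open(path, O_RDONLY | O_NOCTTY | O_NONBLOCK | O_CLOEXEC);
        if (fd < 0) {
            err = errno;
        } else if (fstat(fd, &st) != 0) {
            err = errno; close(fd); fd = -1;
        } else if (!S_ISREG(st.st_mode)) {
            err = EINVAL; close(fd); fd = -1;   /* device, dir, FIFO */
        }
    }
    /* Regain privilege (user first, then group). Continuing in an
     * unknown privilege state is worse than dying. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    if (fd < 0)
        errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s file\n", argv[0]); return 2; }
    int fd = open_as_real_user(argv[1]);
    if (fd < 0) { perror(argv[1]); return 1; }
    close(fd);
    return 0;
}
```

Anything parsed from the returned descriptor still needs the care described above: error messages must not echo the file's contents.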