Bugtraq mailing list archives

Re: Responses to: Unix Security Kernel Changes


From: mhw () WITTSEND COM (Michael H. Warfield)
Date: Fri, 29 Jan 1999 09:51:48 -0500


Jonathan A. Zdziarski enscribed thusly:
        :
        : - Trimmed general discussion...
        :

OK NOW:  Let me introduce a new question to you.  How come we cannot
write our std c libraries to do something similar to this before
performing strcat's, etc...

a[sizeof(b)] = NULL (or 0);

to nullify out position x of the variable being copied from where b is the
variable being copied to ... so if b is a 128 byte array, a[128] =
0...if there's a null before that fine...it will stop there...if not, it
will forcibly stop at 128 when it hits the null.

        Bad Bad idea...

        First off, you really should not be attempting to modify source
parameters which are not intended to be modified.  This may even get
you an error if "a" is a const string.

        Second, what if "a" is smaller than "b".  You've just committed
new random acts of terrorism.

        Third (corollary to second), let's suppose you are copying selected
strings out of a large area of constant strings (not an uncommon occurrence).
This would punch NULL's at random into other strings causing much havoc and
mirth while debugging the "where did the string go" problems that crop
up everywhere.

        Fourth, where did you get sizeof(b) from?  It may be a malloc'ed
buffer.

        The real solution is to know the size of the target buffer and
simply stop copying before you reach the end.  Tampering with the
source parameter is not a solution.

Thank you,

Jonathan A. Zdziarski
Sr. Systems Administrator
Netrail, inc.
888.NET.RAIL x240

        Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
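
The bounded copy described in the reply's closing paragraph, as an added example that is not part of the original message: the caller passes the destination capacity, copying stops before the end, and the source is never written to. The name `bounded_append`, its return codes and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (name and return codes are assumptions): append src
 * to dst, where dst_size is the total capacity of dst, supplied by the
 * caller because sizeof cannot recover it for a malloc'ed buffer.
 * src is const and is never modified.
 * Returns 0 if everything fit, 1 if the result was truncated,
 * -1 if dst holds no terminator within dst_size bytes. */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    size_t used = 0;

    /* Find the current end of dst without reading past its capacity. */
    while (used < dst_size && dst[used] != '\0')
        used++;
    if (used == dst_size)
        return -1;                      /* nothing safe to append to */

    size_t room = dst_size - used - 1;  /* keep one byte for the '\0' */
    size_t i = 0;
    while (i < room && src[i] != '\0') {
        dst[used + i] = src[i];
        i++;
    }
    dst[used + i] = '\0';
    return src[i] != '\0';              /* 1 when part of src did not fit */
}

/* Constructed sample: short strings packed back to back, as in the
 * "large area of constant strings" case from the reply. */
static const char packed[] = "alpha\0bravo\0charlie";

/* Append the first packed string to an 8-byte buffer, then confirm the
 * neighbouring strings in the table are byte-for-byte unchanged. */
int demo(void)
{
    char small[8] = "x=";
    int rc = bounded_append(small, sizeof small, packed);
    return rc == 0 && strcmp(small, "x=alpha") == 0
        && memcmp(packed, "alpha\0bravo\0charlie", sizeof packed) == 0;
}

int main(void)
{
    printf("demo ok: %d\n", demo());
    return 0;
}
```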


