Bugtraq mailing list archives
Re: ftpd and setproctitle()
From: typo () SCENE AT (Firstname Lastname)
Date: Mon, 10 Jul 2000 10:41:07 +0200
On Sat, Jul 08, 2000 at 12:50:29AM +0200, Bernd Luevelsmeyer wrote:
For this class of bugs, shouldn't it be possible to modify the compiler so it will flag any occurrence of a non-constant format string in printf()-like functions?
i've already mailed my patch to the security audit list >7 days ago... http://inferno.tusculum.edu/~typo/tesogcc.tgz sorry for the deficient README... typo -- so much entropy, so little time
Current thread:
- Re: ftpd and setproctitle(), (continued)
- Re: ftpd and setproctitle() Kris Kennaway (Jul 06)
- More Detailed Info on the BitchX Format Bugs RoboHak (Jul 07)
- Re: More Detailed Info on the BitchX Format Bugs Ryan Russell (Jul 07)
- Re: More Detailed Info on the BitchX Format Bugs RoboHak (Jul 09)
- opieftpd setproctitle() patches Kris Kennaway (Jul 10)
- Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability Ussr Labs (Jul 10)
- Security Update: Denial of Service against irc-BX Technical Support (Jul 07)
- Out of order SMTP DATA commands incorrectly allow pass-through mode in some firewall smtp filters/proxies Lincoln Yeoh (Jul 08)
- Re: More Detailed Info on the BitchX Format Bugs Ryan Russell (Jul 07)
- Re: ftpd and setproctitle() D. J. Bernstein (Jul 07)
- Re: ftpd and setproctitle() Bernd Luevelsmeyer (Jul 07)
- Re: ftpd and setproctitle() Firstname Lastname (Jul 10)
- BitchX update Vincent Danen (Jul 07)
- Re: ftpd and setproctitle() Pavel Kankovsky (Jul 08)
- Re: ftpd and setproctitle() Bernd Luevelsmeyer (Jul 07)
- ANNOUNCE: PScan, a simple security scanner. Alan DeKok (Jul 07)
- Re: ftpd and setproctitle() Roger Espel Llima (Jul 07)
- Re: ftpd and setproctitle() Adam McKenna (Jul 07)
- Security Update: symlink attack on makewhatis script possible Technical Support (Jul 07)
- Re: ftpd and setproctitle() Nic Bellamy (Jul 07)