Bugtraq mailing list archives
Re: ftpd and setproctitle()
From: djb () CR YP TO (D. J. Bernstein)
Date: Fri, 7 Jul 2000 17:42:48 -0000
Often an interface encourages bugs. The right way to use the interface isn't the easiest way to use the interface. This interface turns every new programmer into an enemy, creating bugs faster than we can fix them. The solution is to eliminate the interface. Design a new interface that doesn't encourage bugs. Then make sure that everyone switches to the new interface. Advertise the new interface. Make the old interface more and more difficult to use. Move gets() to /usr/lib/libbugpronestandards.a. Is this easier than documenting the right way to use the old interface? Of course not. But it can actually succeed. Documentation never will. For several years I've been systematically identifying and redesigning bug-prone interfaces. I don't have any more memory leaks, for example, because I'm now using memory-allocation interfaces where leaks are more difficult to write than correct code. In 1996, when I identified the flaw under discussion in setproctitle() et al., I worked out several solutions. Simplest was to make sure that typical strings fail miserably as format strings. Replace setproctitle() with a setproctitlex() that * removes an X from the beginning of the format string, or * changes the string to "Use (\"X%s\",...)" if there wasn't an X, and you'll never have to worry about this bug again. I'm actually using a different solution, but setproctitlex() has lower transition cost. Theo de Raadt writes:
Well, while everyone is talking about setproctitle affecting wuftpd, I should probably note that it even affects the OpenBSD ftpd. In fact, looking around, it looks like it might affect everyone's ftpd.
It doesn't affect publicfile's ftpd. http://cr.yp.to/publicfile.html ---Dan
Current thread:
- ftpd and setproctitle() Theo de Raadt (Jul 06)
- Re: ftpd and setproctitle() Kris Kennaway (Jul 06)
- More Detailed Info on the BitchX Format Bugs RoboHak (Jul 07)
- Re: More Detailed Info on the BitchX Format Bugs Ryan Russell (Jul 07)
- Re: More Detailed Info on the BitchX Format Bugs RoboHak (Jul 09)
- opieftpd setproctitle() patches Kris Kennaway (Jul 10)
- Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability Ussr Labs (Jul 10)
- Security Update: Denial of Service against irc-BX Technical Support (Jul 07)
- Out of order SMTP DATA commands incorrectly allow pass-through mode in some firewall smtp filters/proxies Lincoln Yeoh (Jul 08)
- Re: More Detailed Info on the BitchX Format Bugs Ryan Russell (Jul 07)
- Re: ftpd and setproctitle() D. J. Bernstein (Jul 07)
- Re: ftpd and setproctitle() Bernd Luevelsmeyer (Jul 07)
- Re: ftpd and setproctitle() Firstname Lastname (Jul 10)
- BitchX update Vincent Danen (Jul 07)
- Re: ftpd and setproctitle() Pavel Kankovsky (Jul 08)
- Re: ftpd and setproctitle() Bernd Luevelsmeyer (Jul 07)
- ANNOUNCE: PScan, a simple security scanner. Alan DeKok (Jul 07)
- <Possible follow-ups>
- Re: ftpd and setproctitle() Roger Espel Llima (Jul 07)
- Re: ftpd and setproctitle() Adam McKenna (Jul 07)
- Security Update: symlink attack on makewhatis script possible Technical Support (Jul 07)
- Re: ftpd and setproctitle() Nic Bellamy (Jul 07)