no patch, is there a problem
David Schultz
das at FreeBSD.ORG
Thu Mar 17 21:27:03 PST 2005
On Thu, Mar 17, 2005, Colin Percival wrote:
> Timothy Smith wrote:
> > http://www.securityfocus.com/bid/12825/info/
> >
> > no patch or anything, is there any action on this?
>
> We're not affected. The problem is in copyoutstr(),
> which doesn't exist in FreeBSD.
>
> I've sent an email to securityfocus advising them of
> this.
It exists on FreeBSD/alpha because it was blindly copied from
NetBSD. However, we don't use it, and it appears to do proper
validation anyway.
I'm not sure whether the bugtraq submitter is intentionally
spreading FUD or just lazy; the assertion that we do ``no
validation'' in copyout is patently false. It seems that someone
just copied a list of all FreeBSD CVS branches without actually
looking at the source or contacting security at freebsd.org. Sigh.
More information about the freebsd-security
mailing list