gnu/45168: Buffer overflow in /usr/bin/dialog

Kris Kennaway kris at obsecurity.org
Thu Oct 13 14:46:04 PDT 2005


On Thu, Oct 13, 2005 at 09:30:27PM +0000, Nate Eldredge wrote:
> The following reply was made to PR gnu/45168; it has been noted by GNATS.
> 
> From: Nate Eldredge <nge at cs.hmc.edu>
> To: bug-followup at FreeBSD.org, saturnero at freesbie.org
> Cc: daveb at optusnet.com.au, freebsd-current at cs.hmc.edu
> Subject: Re: gnu/45168: Buffer overflow in /usr/bin/dialog
> Date: Thu, 13 Oct 2005 14:29:43 -0700 (PDT)
> 
>  libdialog appears to be brimming with bugs of this sort.  Lots of uses of 
>  strcpy / strcat.  It probably needs a complete audit.  Ideally there 
>  should be no MAX_LEN and everything dynamically allocated.  I hope to god 
>  it is never run by anything with elevated privileges.

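#include <err.h>     /* errx() */
#include <unistd.h>  /* issetugid() */

void init_dialog(void)
{
  /* Refuse to run at all in a set-user-ID or set-group-ID process. */
  if (issetugid()) {
        errx(1, "libdialog is unsafe to use in setugid applications");
  }
  /* ... remainder of init_dialog() not quoted ... */
}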

Kris
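
Added example, not part of this message and not libdialog code: one way the quoted suggestion (no MAX_LEN, everything dynamically allocated) can look in C, using a growable string in place of strcpy/strcat into a fixed array. The names dstr, dstr_append and dstr_free are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string (not a libdialog type). */
struct dstr {
    char  *buf;  /* NULL until the first append, then NUL-terminated */
    size_t len;  /* bytes in use, not counting the NUL */
    size_t cap;  /* bytes allocated */
};

/* Append s; 0 on success, -1 on allocation failure or overflow (*d unchanged). */
int dstr_append(struct dstr *d, const char *s)
{
    size_t n = strlen(s), need, cap;
    char *p;
    if (n > SIZE_MAX - d->len - 1)      /* len + n + 1 must not wrap */
        return -1;
    need = d->len + n + 1;
    if (need > d->cap) {
        cap = d->cap ? d->cap : 64;
        while (cap < need)              /* double, but never wrap */
            cap = (cap > SIZE_MAX / 2) ? need : cap * 2;
        p = realloc(d->buf, cap);
        if (p == NULL)
            return -1;
        d->buf = p;
        d->cap = cap;
    }
    memcpy(d->buf + d->len, s, n + 1);  /* copies the NUL as well */
    d->len += n;
    return 0;
}

void dstr_free(struct dstr *d)
{
    free(d->buf);
    *d = (struct dstr){0};
}

int main(void)
{
    struct dstr d = {0};
    int i, rc = 0;
    /* Constructed input: 15000 bytes, appended piece by piece. */
    for (i = 0; i < 1000 && rc == 0; i++)
        rc = dstr_append(&d, "menu item text ");
    dstr_free(&d);
    return rc != 0;
}
```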

More information about the freebsd-bugs mailing list