lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <174676.1379097954@turing-police.cc.vt.edu>
Date: Fri, 13 Sep 2013 14:45:54 -0400
From: Valdis.Kletnieks@...edu
To: noloader@...il.com
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
 Steve Wray <stevedwray@...il.com>
Subject: Re: Internet has vuln.

On Thu, 12 Sep 2013 18:23:53 -0400, Jeffrey Walton said:

> They ignored my comments on fixed size arrays based on MAX_PATH and
> the subsequent overflows and silent truncations due to use of sprintf
> and snprintf....

Which "they" was it?

If you're referring to this:

http://comments.gmane.org/gmane.comp.security.selinux/16844

Note that the guy you were replying to was a Japanese software engineer
employed by NEC.  If you want to argue the guy was an NSA plant trying to get a
backdoor in, feel free. But don't expect to be taken seriously without some
additional evidence.

And it counted as "underhanded", how, exactly?

In other words - under what conditions can you make a truncation to MAX_PATH
cause an actual hole? And to count as "underhanded" rather than merely "buggy",
you'd need at least a whiff of evidence that it was intentional.

Or as Kohei replied to you:

"The selinux_mnt is not a variable given by external one, unless
application does not update it by itself.

It is not difficult to modify this part to return ENAMETOOLONG
when snprintf() returns larger or equal with PATH_MAX."

In the Linux community, this would count as '-ENOPATCH', as I'm not
finding where you ever submitted a patch to fix the issue.



Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ