Re: syslog vulnerability

Ed Arnold (era@ucar.edu)
Thu, 31 Aug 1995 15:57:44 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Slava Kritov: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Previous message: Mark A. Fullmer: "snprintf()"

Would someone please answer a really stupid question??

The solutions offered to the syslog problem are fairly long.
Why isn't it sufficient just to insure that the buffer passed
in by a hacker always gets sanitized to guarantee that it can't
overrun any buffers it gets strcpy()-ed to?  E.g.

#define BUFSIZ 4096
syslog(pri,msg,parms)
int pri; char *msg; int parms;
{
   char localmsg[BUFSIZ];

   strncpy(localmsg,msg,BUFSIZ);
   localmsg[BUFSIZ-1] = '\0';
   msg = localmsg;

Next message: Slava Kritov: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
Previous message: Mark A. Fullmer: "snprintf()"