Subject: Re: vixie-crontab vulnerable?
To: None <current-users@NetBSD.ORG>
From: Michael Richardson <email@example.com>
Date: 12/16/1996 20:16:02
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Perry" == Perry E Metzger <firstname.lastname@example.org> writes:
Perry> I think, however, that any SUID or daemon program that is
Perry> not performance critical should probably have all the
Perry> string manipulators converted over. I can't think of many
Perry> that are performance critical -- so this means most of
Let's not forget this; we are talking about putting together a
I'd say build it and remove all the "unsafe" functions so we get
What we need is for someone to
1. make bsd.suidprog.mk
2. build the libcsafe
and then we just need to generate a list of programs that
are affected (remember, this includes root-run daemons that accept
input, e.g. telnetd, rlogind, rshd, inetd, etc). A group of people can
then go through these programs and make sure that they link.
My opinion is that disk space is cheap, and I'm willing to have all
setuid programs and common root-run daemons statically linked. X is
the one exception.
I would be happy to do #1 and #2, and collect the list of things
that people think should be removed from libcsafe along with the list
of programs affected.
:!mcr!: | Network security consulting and
Michael Richardson | contract programming
WWW: email@example.com. PGP key available.
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----
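
One way to generate the list of affected programs the message asks for, as an added example that is not part of the original message or of NetBSD: scan symbol tables for imports of "unsafe" string functions. The function list, the names `unsafe_refs` and `audit_binaries`, and the sample input in the test are assumptions; the message does not enumerate which functions libcsafe would drop.

```shell
#!/bin/sh
# Assumed set of "unsafe" functions (not enumerated in the message).
UNSAFE_FUNCS="gets strcpy strcat sprintf vsprintf"

# unsafe_refs: read `nm` output on stdin and print, sorted and de-duplicated,
# every unsafe function that appears as an undefined (type "U") symbol.
unsafe_refs() {
    awk -v list="$UNSAFE_FUNCS" '
        BEGIN { n = split(list, names, " ")
                for (i = 1; i <= n; i++) bad[names[i]] = 1 }
        NF >= 2 && $(NF-1) == "U" {
            sym = $NF
            sub(/^_/, "", sym)   # a.out objects prefix C symbols with "_"
            sub(/@.*/, "", sym)  # drop ELF symbol-version suffixes
            if (sym in bad) print sym
        }' | sort -u
}

# audit_binaries: print "file: sym sym ..." for each object or dynamically
# linked program that imports an unsafe function. Files nm cannot read are
# skipped. Statically linked programs have no undefined symbols, so run
# this over their .o files before the link step.
audit_binaries() {
    for f in "$@"; do
        hits=$(nm "$f" 2>/dev/null | unsafe_refs | tr '\n' ' ')
        if [ -n "$hits" ]; then
            printf '%s: %s\n' "$f" "${hits% }"
        fi
    done
    return 0
}
```

Running `audit_binaries` over the object files of setuid programs and root-run daemons gives the per-program list of calls that would fail to link against a library with those functions removed.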