Subject: Re: buffer overflows in libsa
To: Bill Studenmund <>
From: Steven M. Bellovin <>
List: tech-kern
Date: 08/23/2005 22:15:38
In message <>, Bill Studenmund writes:
>On Tue, Aug 23, 2005 at 10:47:22AM +0200, Roland Illig wrote:
>> matthew green wrote:
>> >one thing to be wary of is bloating the bootblocks.  all the
>> >proposed changes increase the size of text...
>> As soon as no-one needs it, the gets(3) function will be removed from
>> libsa. This will reduce the test size again. I think the effective
>> increase will be around less than 20 machine instructions. But that's
>> the price for not having buffer overflows. ;)
>I didn't ask this before, but what threat scenarios do we have in mind
>here? As David notes, such a buffer overflow would have to be something
>that someone at a keyboard can type into the system. And if someone can
>type arbitrary text at the keyboard, we have other issues.
>What threats do we have in mind? Or do we have a desire for a check-box
>validation (which can be important, I admit)?

What Bill said -- both parts.

Seriously -- in libsa, it's mostly a desire for clean coding practices; 
I don't see the incremental security risk in most situations.

		--Steven M. Bellovin,