Subject: Re: buffer overflows in libsa
To: Bill Studenmund <wrstuden@NetBSD.org>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 08/23/2005 22:15:38
In message <20050824020030.GC14190@netbsd.org>, Bill Studenmund writes:
>Content-Type: text/plain; charset=us-ascii
>On Tue, Aug 23, 2005 at 10:47:22AM +0200, Roland Illig wrote:
>> matthew green wrote:
>> >one thing to be wary of is bloating the bootblocks. all the
>> >proposed changes increase the size of text...
>> As soon as no-one needs it, the gets(3) function will be removed from=20
>> libsa. This will reduce the test size again. I think the effective=20
>> increase will be around less than 20 machine instructions. But that's=20
>> the price for not having buffer overflows. ;)
>I didn't ask this before, but what threat scenarios do we have in mind=20
>here? As David notes, such a buffer overflow would have to be something=20
>that someone at a keyboard can type into the system. And if someone can=20
>type arbitrary text at the keyboard, we have other issues.
>What threats do we have in mind? Or do we have a desire for a check-box=20
>validation (which can be important, I admit)?
What Bill said -- both parts.
Seriously -- in libsa, it's mostly a desire for clean coding practices;
I don't see the incremental security risk in most situations.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb