Hi!
> has anyone bothered to check IRIX, OSF, etc. etc. etc. ?
I've already posted some testing of FreeBSD & OSF 3.2 ( Digital Unix ) in
certain security-related newsgroups, so sorry for the dupes to all who have
read that already.
Tests show that
a) FreeBSD 1.1.5.1 - max buffer size ~ 1700, the calling program
coredumps on 11. Although this is NOT the major problem, since sendmail
by itself ( at least 8.6.12 ) conducts extensive tests on values fed in
thus making this direction of attacks highly improbable.
b) Dec Alpha AXP 2100 OSF 3.2 ( Digital Unix from now & forever :) -
max buffer size ~1600, silently ignores longer messages, no malfunctions
/ posteffects detected
>
> I'd like to see some sort of a robust test for the freaking
> thing that wasn't platform dependent, or at least had good
> assurance of addressing the problem.
Why not, that base program that was posted doesn't require modifications
to run on my platforms ( Dec, PC ).
I actually added a short loop incrementing the length of the buffer in
100-byte chunks.
The only thing you should check is the log level - some syslogd's have
certain levels disabled/specifically configured etc.
> just my whacky perceptions... Really neither here nor there.
The only person you can trust in this world is yourself ....
Maybe ...
;)
> ________________________________________________________________
> tfs_at_vampire.science.gmu.edu (NeXTmail, MIME) Tim Scanlon
^^^^^^^
[flames off]
This should partially explain the dark mood of the author ;)
Best
Slava
Received on Sep 06 1995
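
The stepped length test described in the message above can be sketched as follows. This is an added example, not the program that was posted to the list: the function names, the "syslog-probe" ident and the 4000-byte upper bound are assumptions, and only the 100-byte step comes from the message. Each length is logged from a child process, so a crash in syslog(3) shows up as a signal number instead of ending the test run.

```c
/* Added example: stepped syslog(3) message-length probe (names are hypothetical). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <syslog.h>
#include <unistd.h>

/* Log one message of `len` bytes from a child process.
 * Returns 0 if the child exited cleanly, the signal number if it was
 * killed (11 is SIGSEGV on most systems), or -1 on any other failure. */
int probe_len(size_t len)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *msg = malloc(len + 1);
        if (msg == NULL)
            _exit(2);
        memset(msg, 'A', len);
        msg[len] = '\0';
        openlog("syslog-probe", LOG_PID, LOG_USER);
        syslog(LOG_NOTICE, "%s", msg);  /* fixed format, data as argument */
        closelog();
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Try step, 2*step, ... up to max; return the first length whose probe
 * fails (storing the probe result in *result), or 0 if every one passes. */
size_t first_failing_len(size_t step, size_t max, int *result)
{
    for (size_t len = step; len <= max; len += step) {
        int r = probe_len(len);
        if (r != 0) {
            if (result) *result = r;
            return len;
        }
    }
    return 0;
}

int main(void)
{
    int r = 0;
    size_t bad = first_failing_len(100, 4000, &r);
    printf("first failing length: %zu (result %d)\n", bad, r);
    return 0;
}
```

A result of 0 only shows that the calling process survived; whether the long messages were logged, truncated or dropped has to be checked in the syslogd output, with the log level caveat from the message in mind.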