Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [linux-security] Re: Re: so-called snprintf() in db-1.85.4
From: tarreau () AEMIAIF LIP6 FR (Willy TARREAU)
Date: Thu, 10 Jul 1997 16:58:43 +0200

---------- Forwarded message ----------
Date: Wed, 9 Jul 1997 11:20:08 -0400 (EDT)
From: Illuminati Primus <vermont () gate net>
To: Hal DeVore <hdevore () bmc com>
Cc: Thomas Roessler <roessler () guug de>, linux-security () redhat com
Subject: [linux-security] Re: Re: so-called snprintf() in db-1.85.4

ldd /usr/sbin/sendmail
        libgdbm.so.1 => /lib/libgdbm.so.1
        libdb.so.1 => /usr/lib/libdb.so.1
        libc.so.5 => /lib/libc.so.5

Does this mean that the all occurences of snprintf in my sendmail are now
susceptible to overflows?  Or might the order of the links to the
libraries override libdb's snprintf with the libc version?  I am unsure
about how symbols are loaded from libraries...

Personnaly, I've patched my libdb.so.1 to rename sprintf() and snprintf()
so that I'm sure that no program will use them. As they are also defined
in libc.so, this should never cause any problem.

| Willy Tarreau | tarreau () aemiaif lip6 fr | http://www-miaif.lip6.fr/willy/ |
| Magistere d'Informatique Appliquee de l'Ile de France (MIAIF), promo 97   |
| DEA  A.S.I.M.E. |  Universite Pierre et Marie Curie (Paris 6), FRANCE     |

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]