oss-sec mailing list archives

Re: Buffer overflow in /bin/su from UNIX v4


From: Peter Gutmann <pgut001 () cs auckland ac nz>
Date: Tue, 6 Jan 2026 02:17:08 +0000

Alan Coopersmith <alan.coopersmith () oracle com> writes:

> https://sigma-star.at/blog/2025/12/unix-v4-buffer-overflow/ examines the
> source code for su.c and shows that the buffer for password input is a simple
> 100 character array, but the loop to read password input has no boundary
> checks and will happily keep writing long past the end of the buffer.

It's also being discussed over on the Metzdowd cryptography list, including
people providing interesting historical perspectives.  The thread starts here:

https://www.metzdowd.com/pipermail/cryptography/2026-January/039215.html

Not all messages are present in the archive yet.

Peter.
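
The missing boundary check described in the quoted message, shown from the fix side as an added example (not part of the original post, and not the UNIX v4 su.c source): a bounded line reader in C for a 100-byte password buffer that rejects and drains overlong input. The names `read_secret`, `next_fn`, `PWBUF`, `next_from_string` and `next_from_stdin` are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define PWBUF 100  /* same size as the buffer described in the quoted message */

/* Character source: returns the next byte or EOF (hypothetical helper type). */
typedef int (*next_fn)(void *ctx);

/* Bounded reader: stores at most cap-1 bytes plus the terminating NUL.
 * Returns the length, or -1 if the line was too long or ended at EOF
 * without a newline (rejecting on EOF is a choice of this example).
 * An overlong line is consumed up to its newline so the tail is not
 * read as the next input, and the buffer is wiped before returning. */
int read_secret(next_fn next, void *ctx, char *buf, size_t cap)
{
    size_t n = 0;
    int c, overflow = 0;

    if (cap == 0) return -1;
    while ((c = next(ctx)) != EOF && c != '\n') {
        if (n + 1 < cap)
            buf[n++] = (char)c;
        else
            overflow = 1;  /* keep consuming, stop storing */
    }
    if (overflow || c == EOF) {
        memset(buf, 0, cap);
        return -1;
    }
    buf[n] = '\0';
    return (int)n;
}

/* Sources: a string cursor (for constructed samples) and stdin. */
int next_from_string(void *ctx)
{
    const char **p = ctx;
    return **p ? (unsigned char)*(*p)++ : EOF;
}

int next_from_stdin(void *ctx) { (void)ctx; return getchar(); }

int main(void)
{
    char pw[PWBUF];
    int n = read_secret(next_from_stdin, NULL, pw, sizeof pw);
    puts(n < 0 ? "rejected" : "accepted");
    return n < 0;
}
```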
