This appears to be the case with the Debian version as well. It is due to an unprotected strcat in open_tty(void). This is trivially fixed as follows: 163a164 > #define BUFLEN 20 165c166 < char buf[20]; --- > char buf[BUFLEN]; 166a168 > int bufremaining=BUFLEN; 183c185,186 < strcat (buf, tty); --- > bufremaining -= strlen(buf); > strncat (buf, tty,bufremaining); There are unprotected buffers all over the place in mingetty.c, which leads me to conclude that other buffer overflows are very likely. > *nix Issue - Anyone with 'mingetty': > After all the vi overflows, and wu-ftpd etc recently I thought I would have a > sniff around a default redhat 7.1 box too see what I could find. Anyway I > managed to dump core on /sbin/mingetty and thought it would be worth > reporting: > [m0le@mainframe /sbin]$ ./mingetty `perl -e 'print "A"x9000'` > Segmentation fault > [m0le@mainframe /sbin]$ -- Derry Hamilton, rasilonat_private "I think your cats need tuning - according to a couple of quick measurements on a recently calibrated reference cat, the dominant frequency of a correctly adjusted cat should be 12Hz +/-20%." ===Lionel Lauer on a.s.r===
This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 11:10:58 PST