Fyodor wrote:
>
> because originally the bug was simple
>
> if (cant_lookup_hostname(userdata)) {
>     syslog(userdata);
> }
> .. now they fixed it to be:
> syslog("lookup screwed for: %s\n", userdata);
> ...

So if someone has written a bad syslog implementation, then the format string will get sent to the syslogd, and potentially exploit that? (Not that it wouldn't be the responsibility of the syslog program to not be exploited, of course.)

Just seems to me that the statd code should use a smaller buffer, or strip out some characters, or something that wouldn't put such a scary entry into the log files. :)

BB
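
One way to do what the message's last paragraph suggests (cap the length and strip unusual bytes before the value reaches the log), as an added example that is not part of the original message or the statd source. The names `sanitize_for_log`, `log_lookup_failure` and `LOG_FIELD_MAX` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <syslog.h>

#define LOG_FIELD_MAX 64   /* assumed cap for one logged field */

/* Copy `in` to `out`, keeping printable ASCII and truncating to fit.
 * Control bytes and high-bit bytes become '?'. A '%' is kept: it is
 * harmless once the value is only ever passed as a "%s" argument.
 * Returns the number of bytes replaced or dropped. */
size_t sanitize_for_log(const char *in, char *out, size_t outsz)
{
    size_t i = 0, altered = 0;

    if (outsz == 0)
        return strlen(in);
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;

        if (i + 1 >= outsz) {        /* no room left: the rest is dropped */
            altered += strlen(in);
            break;
        }
        if (c < 0x80 && isprint(c)) {
            out[i++] = (char)c;
        } else {
            out[i++] = '?';
            altered++;
        }
    }
    out[i] = '\0';
    return altered;
}

/* Hypothetical stand-in for the logging path shown in the quoted fix. */
size_t log_lookup_failure(const char *userdata)
{
    char clean[LOG_FIELD_MAX];
    size_t altered = sanitize_for_log(userdata, clean, sizeof clean);

    /* Constant format string; userdata never reaches the format position. */
    syslog(LOG_ERR, "lookup screwed for: %s (%zu bytes altered)", clean, altered);
    return altered;
}
```

Logging the count of altered bytes keeps a record that the input was unusual without writing the raw bytes into the log file.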
This archive was generated by hypermail 2b30 : Wed Dec 05 2001 - 14:09:27 PST