"Secure coding" audit checkers and Kerberos

Ken Raeburn raeburn at MIT.EDU
Wed Oct 15 17:40:49 EDT 2008

On Oct 15, 2008, at 17:23, John Hascall wrote:
> See https://BuildSecurityIn.us-cert.gov/daisy/bsi-rules/home/g1/838-BSI.html

That article mentions a few operating systems but doesn't tell us  
which versions of what systems actually have problems in snprintf.   
The negative return value we can deal with.  The lack of null  
termination is interesting -- but without discussing *specific*  
operating systems and versions it's unclear if we need to worry about  
it.  The failure to avoid buffer overflows is a serious problem, and  
should be addressed by the vendor, but we don't know which that is or  
what versions of the OSes.

They do mention libc4 on Linux, which I doubt anyone uses any more,  
and even if they do, I'm pretty sure we already use stuff that it  
doesn't support; they mention "some old HP systems" with even less  

You could make similar, vague non-portability claims about sprintf;  
after all, "some old systems" returned char* instead of int, so you  
really can't use it portably, right?  If we've got concrete data of  
modern systems (or at least systems people are still running, that  
otherwise provide the facilities we require) with particular problems,  
we can address them.

At some point we need to just tell people to join the 21st^H^H^H^Hlate  
90s and run something vaguely compliant with standards and with at  
least some attention to security.


More information about the krbdev mailing list