"Secure coding" audit checkers and Kerberos
raeburn at MIT.EDU
Wed Oct 15 17:40:49 EDT 2008
On Oct 15, 2008, at 17:23, John Hascall wrote:
> See https://BuildSecurityIn.us-cert.gov/daisy/bsi-rules/home/g1/838-BSI.html
That article mentions a few operating systems but doesn't tell us
which versions of what systems actually have problems in snprintf.
The negative return value we can deal with. The lack of null
termination is interesting -- but without discussing *specific*
operating systems and versions it's unclear if we need to worry about
it. The failure to avoid buffer overflows is a serious problem, and
should be addressed by the vendor, but we don't know which that is or
what versions of the OSes.
They do mention libc4 on Linux, which I doubt anyone uses any more,
and even if they do, I'm pretty sure we already use stuff that it
doesn't support; they mention "some old HP systems" with even less
You could make similar, vague non-portability claims about sprintf;
after all, "some old systems" returned char* instead of int, so you
really can't use it portably, right? If we've got concrete data of
modern systems (or at least systems people are still running, that
otherwise provide the facilities we require) with particular problems,
we can address them.
At some point we need to just tell people to join the 21st^H^H^H^Hlate
90s and run something vaguely compliant with standards and with at
least some attention to security.
More information about the krbdev