
List:       kde-commits
Subject:    Re: kdesecurity/review/docs
From:       Oswald Buddenhagen <ossi () kde ! org>
Date:       2002-12-07 8:21:38

On Sat, Dec 07, 2002 at 05:40:33AM +0100, George Staikos wrote:
> CVS commit by staikos: 
> 
> memcpy can also be exploited easily enough
> 
same for memmove and the ancient bcopy. oh, and memset and bzero.
hmm, what more?
basically you'd have to add any memory transfer functions. however, they
are in another "security class" than strcpy and sprintf, as the range of
their operation is explicitly specified. it's not simpler to break stuff
with them than with c-array indexing - and you don't really want to
review all kde code for c-arrays, do you?

greetings

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.
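
The distinction drawn in the reply above, as an added example that is not part of the original message or of KDE's code: with a memcpy-style call the range is an argument that can be checked with one comparison, while with a strcpy-style call the range comes from the source data and has to be measured first. The helper names `copy_explicit` and `copy_implicit` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Explicit-range copy (memcpy/memmove/bcopy class): the caller states n,
 * so the review question is one comparison against the destination
 * capacity, the same check a C-array index needs. */
int copy_explicit(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (dst == NULL || src == NULL || n > dst_size)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Implicit-range copy (strcpy/sprintf class): the length is whatever the
 * source data says it is, so it must be measured, bounded by dst_size,
 * before a single byte is written. */
int copy_implicit(char *dst, size_t dst_size, const char *src)
{
    const char *nul;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Search for the terminator only within what would fit in dst. */
    nul = memchr(src, '\0', dst_size);
    if (nul == NULL)
        return -1;                            /* string does not fit */
    memcpy(dst, src, (size_t)(nul - src) + 1); /* include the terminator */
    return 0;
}

int main(void)
{
    char buf[8];

    /* Constructed inputs: exact fit, one byte too many, and strings of
     * 7 and 8 characters against an 8-byte buffer. */
    if (copy_explicit(buf, sizeof buf, "abcdefgh", 8) != 0) return 1;
    if (copy_explicit(buf, sizeof buf, "abcdefghi", 9) != -1) return 1;
    if (copy_implicit(buf, sizeof buf, "1234567") != 0) return 1;
    if (copy_implicit(buf, sizeof buf, "12345678") != -1) return 1;
    return 0;
}
```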