Security fix for procfs

Contributed by grey on 2004-05-13 from the fixit dept.

Thanks to Jose Nazario for pointing out that Patch 006 for 3.5 and 020 for 3.4 are available.

005: SECURITY FIX: May 13, 2004
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.

Update: the patch number is now correctly referenced on the corresponding errata pages.

(Comments are closed)

Comments

By Anonymous Coward (195.217.242.33) on 2004-05-17 08:35

"Use of procfs is not recommended."
Comments
1. By Anonymous Coward (195.217.242.33) on 2004-05-17 08:36
  
  oops ! sorry what I meant to say was, "Use of procfs is not recommended." why is this ?
  Comments
  1. By tedu (128.12.75.69) on 2004-05-17 17:09
    
    it doesn't provide much in the way of features, and has historically been a security hazard for every OS to implement one.

Latest Articles

Fri, Apr 26
- 08:33 Passphrase timeout for disk decryption at boot added (potential battery lifesaver) (2)
Wed, Apr 24
- 04:35 Game of Trees 0.98 released (2)
Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (12)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]