Security Audit, was Re: [crossfire] Server release?
Mitch Obrian
mikeeusaaa at yahoo.com
Sat Apr 16 14:30:53 CDT 2005
A security audit would be good. No fun getting HAZZ()3D!
--- tchize <tchize at myrealbox.com> wrote:
> I fixed this some time ago (I think). This was related to the server dying
> on a sigpipe on abrupt connection close.
>
> Just one note, on security.
> Every part of the code is subject to string overflows. I have seen countless
> calls to sprintf instead of snprintf, which is inherently insecure. Some
> parts of those calls involve data provided by the client.
>
> On Friday 15 April 2005 22:25, Alex Schultz wrote:
> > Andrew Fuchs wrote:
> > > Anyone want to do a security audit first? And give server admins a
> > > fair warning before it happens...
> >
> > Well... I do remember seeing a little back that one person (can't
> > remember who) was connecting to crossfire on metalforge via telnet going
> > to the cf port, and was able to chat etc. however the server crashed
> > when he tried to close telnet in a certain way (can't exactly remember
> > how...)
> >
> > _______________________________________________
> > crossfire mailing list
> > crossfire at metalforge.org
> > http://mailman.metalforge.org/mailman/listinfo/crossfire
>
> --
> David Delbecq
> d.delbecq at laposte.net
> Public PGP KEY FINGERPRINT:
> F4BC EF69 54CC F2B5 4621 8DAF 1C71 8E6B 5436 C17C
> Public PGP KEY location:
> http://wwwkeys.pgp.net:11371/pks/lookup?op=index&search=tchize
> http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x5436C17C
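The sprintf-versus-snprintf point raised in the quoted message, as an added example that is not part of the original post and is not Crossfire code: a bounded string builder that records an overflow instead of writing past the buffer, used to build a line from client-supplied fields. The names `sbuf`, `sb_init`, `sb_appendf` and `build_chat_line`, and the message format, are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Fixed-capacity string builder (hypothetical helper, not Crossfire code).
 * Every append is bounded; an overflow is recorded, never written. */
typedef struct {
    char  *buf;
    size_t cap;      /* total bytes, including the terminating NUL */
    size_t len;      /* bytes used, excluding the NUL */
    int    overflow; /* set once any append did not fit */
} sbuf;

void sb_init(sbuf *sb, char *storage, size_t cap) {
    sb->buf = storage; sb->cap = cap; sb->len = 0; sb->overflow = 0;
    if (cap > 0) storage[0] = '\0';
}

/* Returns 0 if the text fit, -1 if not (earlier contents stay intact). */
int sb_appendf(sbuf *sb, const char *fmt, ...) {
    va_list ap;
    size_t room;
    int n;
    if (sb->overflow || sb->cap == 0) { sb->overflow = 1; return -1; }
    room = sb->cap - sb->len;
    va_start(ap, fmt);
    n = vsnprintf(sb->buf + sb->len, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {   /* output would be truncated */
        sb->buf[sb->len] = '\0';
        sb->overflow = 1;
        return -1;
    }
    sb->len += (size_t)n;
    return 0;
}

/* Hypothetical server routine; name and text come from the client.
 * The unbounded form is sprintf(out, "%s says: %s", name, text). */
int build_chat_line(char *out, size_t outsz, const char *name, const char *text) {
    sbuf sb;
    sb_init(&sb, out, outsz);
    sb_appendf(&sb, "%s says: ", name);
    sb_appendf(&sb, "%s", text);
    if (sb.overflow && outsz > 0) out[0] = '\0';  /* drop partial line */
    return sb.overflow ? -1 : 0;
}
```

Checking the return value matters as much as the bound: snprintf alone silently truncates, and a caller that ignores the result can still forward a cut-off line.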