On Friday 28 December 2007 09:30, Florian Weimer wrote:
> * Kern Sibbald:
> > - Fixed a seg fault reported by Frank Sweetser that depended on
> >   exact path lengths, but the problem was in bsnprintf.c
>
> Hi Kern,
>
> is this a security fix?

No, there was no security problem that I am aware of; the seg fault was just a 
crash in a somewhat unusual situation.  

It is unlikely we will ever have security problems with our printf, because 
for security reasons I have turned off all exploitable "features" that are 
found in glibc and other system library printf implementations.  Also 
Bacula's printf routines are 32/64 bit independent, which is unfortunately 
not the case in standard library implementations.

For those of you who are interested in security, you will be happy to learn 
that in addition to the normal Bacula CRAM-MD5 authentication, Bacula version 
3.0.0 (as currently in the trunk SVN) supports adding TLS authentication with 
certificates -- that is, you can force Bacula to do TLS authentication only 
without doing the communications encryption that you normally get when TLS is 
enabled.  This is an additional level of authentication protection for those 
who want to use it.

Best regards,

Kern

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
