On Friday 28 December 2007 09:30, Florian Weimer wrote:
> * Kern Sibbald:
>
> > - Fixed a seg fault reported by Frank Sweetser that depended on
> >   exact path lengths, but the problem was in bsnprintf.c
>
> Hi Kern,
>
> is this a security fix?

No, there was no security problem that I am aware of, the seg fault was just a crash in a somewhat unusual situation.

It is unlikely we will ever have security problems with our printf, because for security reasons I have turned off all exploitable "features" that are found in glibc and other system library printf implementations. Also, Bacula's printf routines are 32/64 bit independent, which is unfortunately not the case in standard library implementations.

For those of you who are interested in security, you will be happy to learn that in addition to the normal Bacula CRAM-MD5 authentication, Bacula version 3.0.0 (as currently in the trunk SVN) supports adding TLS authentication with certificates -- that is, you can force Bacula to do TLS authentication only without doing the communications encryption that you normally get when TLS is enabled. This is an additional level of authentication protection for those who want to use it.

Best regards,

Kern

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users