On Wed, 7 Aug 2002, Dan Dawson wrote: > Why is there a 80 character limitation on the combined > hostname and IP address that is logged by the ipop3d daemon > (in each of the syslog calls).
It avoids buffer overflows by setting a "reasonable" limitation. Note that for many years, 64 characters was the maximum permitted length of a DNS name due to the SMTP specification. That's since been expanded to 255 characters, but any DNS name of more than 64 characters is just asking for problems. > 1. Change the format for printing the hostname > from %.80s to %s > What risk does this pose? Ask your favorite bugtraq kiddie for how to crack security with buffer overflows. I wouldn't go there. > 2. Change each syslog call that logs a hostname > to log ip=[xxx.xxx.xxx.xxx] host=nameonlyhere Sounds like a reasonable compromise. Note that the purpose of the syslog entries is for logging, and not for use by some program such as your SMTP-after-POP3 authentication mechanism. -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate.
