[nas] nas: Multiple Vulnerabilities in nas 1.9.3
Jon Trulson
jon at radscan.com
Thu Aug 15 12:13:14 MDT 2013
On Thu, 15 Aug 2013, Erik Auerswald wrote:
> Hi,
>
> On Thu, Aug 15, 2013 at 01:07:20PM +0200, Erik Auerswald wrote:
>> On Thu, Aug 15, 2013 at 09:27:53AM +0430, Hamid Zamani wrote:
>>> On 08/15/2013 03:07 AM, Erik Auerswald wrote:
>>> [...]
>>> just a issue is in my mind and it is about 'AuServerHostName'. It's
>>> correct that almost all of string calls fixed right now but i think for
>>> later use it would be better to think about checking this or use a
>>> limitation about it. What do you think ?
>>
>> [...]
>> It was easier to just mechanically add range checks, than to understand
>> and check for what constitutes a correct value for AUDIOHOST. ;-)
>
> The code in question is used on Amoeba (http://www.cs.vu.nl/pub/amoeba/)
> only. As far as I understand the code it will not work without the
> AUDIOHOST environment variable, because AuServerHostName is not set
> anywhere else. The AuServerHostName variable is used on Amoeba only.
>
> Unless somebody comes up with a patch or a good description of how to check
> this variable, I suggest leaving this code as is.
>
> We might want to drop support for the Amoeba OS. We could use a census of
> currently "supported" operating systems to decide which of them can be
> supported in reality.
>
According to:
https://en.wikipedia.org/wiki/Amoeba_%28operating_system%29
The last change was on 12 February 2001. I vote for dropping it. As
well as Minix as well. We don't have them, can't test them and no one
else that does use them has stepped up, so...
> Cheers,
> Erik
>
--
Jon Trulson
"I was not genomed to alter reality."
- Sonmi 451
More information about the nas
mailing list