Re: ncurses 4.1 security bug

From: Perry E. Metzger (perryat_private)
Date: Tue Jul 07 1998 - 16:28:28 PDT

Next message: Allanah Myles: "Re: Sun libnsl lameness"

Previous message: Duncan Simpson: "ncurses 4.1 security bug"
Maybe in reply to: Duncan Simpson: "ncurses 4.1 security bug"
Next in thread: Alan Cox: "Re: ncurses 4.1 security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Duncan Simpson writes:
> ncurses version 4.1 fails to drop priviledges before opening the
> termcap database and you can set any file(s) you like.

This is not a bug. ncurses is a *library*, not a *program*. It is up
to suid programs to drop privileges, not every call that invokes them --
or are you going to declare the fact that fopen() doesn't drop
privileges a "bug"?

.pm

Next message: Allanah Myles: "Re: Sun libnsl lameness"
Previous message: Duncan Simpson: "ncurses 4.1 security bug"
Maybe in reply to: Duncan Simpson: "ncurses 4.1 security bug"
Next in thread: Alan Cox: "Re: ncurses 4.1 security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:14 PDT