Re: ncurses 4.1 security bug

From: Wietse Venema (wietseat_private)
Date: Sun Jul 12 1998 - 05:51:52 PDT

Next message: Aleph One: "Seattle Lab fixes security issue in SLmail"

Previous message: Alan J Rosenthal: "Re: Remote count.cgi exploit mods"
Maybe in reply to: Duncan Simpson: "ncurses 4.1 security bug"
Next in thread: Ben Laurie: "Re: ncurses 4.1 security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Theo de Raadt:
> I've been told that vmailer calls issetugid() for similar reasons (if
> it exists, which means OpenBSD or FreeBSD, though the FreeBSD
> semantics are a tiny little bit different).  (Wietse helped me clean
> up the man page).

This is correct (and thanks for acking my little contribution).
Although no VMailer program is set-uid or set-gid itself, some
programs might be called from one that is set-uid/set-gid, and
therefore I attempt to take proper precautions.

Just trying to stay abreast of the next couple waves of "new"
security holes :-)

        Wietse

PS. Yes, I know www.vmailer.org is down. I'll see what I can do.

Next message: Aleph One: "Seattle Lab fixes security issue in SLmail"
Previous message: Alan J Rosenthal: "Re: Remote count.cgi exploit mods"
Maybe in reply to: Duncan Simpson: "ncurses 4.1 security bug"
Next in thread: Ben Laurie: "Re: ncurses 4.1 security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:24 PDT