Re: /usr/bin/doscmd on BSDI

From: Keith Bostic (bosticat_private)
Date: Thu Mar 18 1999 - 09:16:03 PST

Next message: Most Psychoid: "IE5 - same vulnerabilities, only some fixed"

Previous message: aleph1at_private: "Security Bulletins Digest"
Maybe in reply to: kasper: "/usr/bin/doscmd on BSDI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I don't believe that there is a security problem in doscmd.  By the time
that doscmd can be affected by an overflow, permissions have been re-set
to the user's, with no dangerous file descriptors open.

(That's not to say the buffer overflows shouldn't be fixed, of course.)

Regards,
--keith

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Keith Bostic			bosticat_private

Next message: Most Psychoid: "IE5 - same vulnerabilities, only some fixed"
Previous message: aleph1at_private: "Security Bulletins Digest"
Maybe in reply to: kasper: "/usr/bin/doscmd on BSDI"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:39:17 PDT