> 4118295 LC_* can be used to obtain root access from setuid programs This is already fixed in Solaris 7 and the following patches for Solaris 2.6: RELEASE ARCH PATCH 5.6 i386 105211-06 5.6 sparc 105210-06 The exploit referred to in this thread is in the same area (locales and environment variables) but is different. > I've tried to find the referenced bug description, but I wasn't able to > find it on the Sunsolve KB. We tend to be cautious about publishing our security bugs. -- Peter Sustaining Engineer, Solaris Software, Sun Microsystems peter.harveyat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:47:17 PDT