Re: Amanda multiple vendor local root compromises

From: Alexandre Oliva (olivaat_private)
Date: Tue Nov 02 1999 - 03:41:13 PST

    On Nov  1, 1999, monti <montiat_private> wrote:
    
    > I confirmed a few exploitable buffer overflows in multiple suid's on an
    > earlier version of amanda on BSDI as well a while back. As I recollect
    > 'runtar' was one of them.
    
    It's probably time to refresh your view :-)
    
    Amanda has undergone a major security audit before release 2.4.0
    final (the latest stable release is 2.4.1p1), in which a couple of
    security problems have been fixed, and a lot of security problem-prone
    constructs have been reworked to avoid buffer overflows and such.
    
    Anyway, we'd be very interested in being informed (preferably in
    advance :-) if any problems remained, or if any new ones have been
    introduced.
    
    
    Thanks for your concern.
    
    --
    Alexandre Oliva http://www.ic.unicamp.br/~oliva IC-Unicamp, Bra[sz]il
    oliva@{lsd.ic.unicamp.br,guarana.{org,com}} aoliva@{acm,computer}.org
    oliva@{gnu.org,kaffe.org,{egcs,sourceware}.cygnus.com,samba.org}
    ** I may forward mail about projects to mailing lists; please use them
    


