OK, I think we've had enough check-in on this one. Clearly, there is a problem with the older version of gzip, which Slackware is still shipping. It looks like patches are widely used elsewhere, whether they're official or not. A couple of people chimed in that a Solaris box or two gave the segfault, including Solaris 8. I'd like to see one or two posts on that indicating whether that was from the Sun additional software CD, or from sunfreeware, or self-compiled or what. I.e. if Sun is shipping the bad version, I want that documented. People often send messages (which I rarely approve) about why we're having a discussion about something that isn't setuid/setgid. The original poster outlines one scenario. There are others. I'm not opposed to allowing the occasion discussion about these kinds of bugs, especially if it's a common util. So, except for the Sun question above, or if someone writes an "exploit" for this, or if someone wants to contribute another scenarion where extra privs can be gained, I'll close this thread. BB
This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 14:33:13 PST