I found a coredump in tracepath, which is part of the iputils package. I've tested this on RH 7.1 and 7.2, which both use the same version (from the iputils-20001110-1 rpm). [jon@devotchka jon]$ tracepath -n Segmentation fault (core dumped) [jon@devotchka jon]$ which tracepath /usr/sbin/tracepath [jon@devotchka jon]$ ls -la /usr/sbin/tracepath -rwxr-xr-x 1 root root 7036 Jan 16 2001 /usr/sbin/tracepath [jon@devotchka jon]$ gdb tracepath core <snip> #0 0x400b85e3 in strchr () from /lib/libc.so.6 #1 0xbffff834 in ?? () #2 0x40053306 in __libc_start_main (main=0x804903c <herror+2060>, argc=2, ubp_av=0xbffff834, init=0x8048688, fini=0x804932c <herror+2812>, rtld_fini=0x4000d2dc <_dl_fini>, stack_end=0xbffff82c) at ../sysdeps/generic/libc-start.c:129 Tracepath isn't setuid root in any distro i could find, so i figured that there's no harm in releasing this. But according to the manpage: "GENERAL NOTE: all these applets, except for tracepath[6] should be excecutabel only with CAP_NET_RAWIO capability. To all that I know, they are safe to be used as setuid root." If you have this installed (and I don't know of a distro that doesn't), make sure the setuid bit is turned off. I've submitted this to the author as well as redhat's bugzilla. -jon -- jonat_private || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 15:24:22 PST