Bugtraq archives for 4th quarter (Oct-Dec) 1994: Re: Solaris ff.core and wsinfo commands.

Re: Solaris ff.core and wsinfo commands.

John C. Orthoefer (jcobbn.com)
Tue, 06 Dec 1994 18:34:58 -0500

> I haven't seen any _obvious_ ways that these could be dangerous for security,
> but I'm naturally suspicious of any setuid/setgid program that crashes. Has
> anyone got any further info on these programs?

I sent this to James already, but forgot to cc the list.

Patch 101889-01 says-

Keywords: ff.core security hole
Synopsis: OpenWindows 3.3: filemgr forked executable ff.core has a
security hole.
Date: Aug/30/94

Solaris Release: 2.3

SunOS Release: 5.3

Unbundled Product: OpenWindows

Unbundled Release: 3.3

BugId's fixed with this patch: 1171394

Files included with this patch: 

    /usr/openwin/bin/ff.core

Problem Description: 

    1171394 filemgr forked executable ff.core has a security hole.

johno
-
John Orthoefer   | Take this out and a Unix Demon will dog your steps from 
<jcobbn.com>    | now until the time_t's wrap around.
617-873-6188     |  -- Curse from the tunefs(8) man page source