|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ncurses 4.1 security bug
Perry E. Metzger (perry
piermont.com)Tue, 7 Jul 1998 19:28:28 -0400
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Allanah Myles: "Re: Sun libnsl lameness"
- Previous message: Duncan Simpson: "ncurses 4.1 security bug"
- In reply to: Duncan Simpson: "ncurses 4.1 security bug"
- Next in thread: Alan Cox: "Re: ncurses 4.1 security bug"
Duncan Simpson writes: > ncurses version 4.1 fails to drop priviledges before opening the > termcap database and you can set any file(s) you like. This is not a bug. ncurses is a *library*, not a *program*. It is up to suid programs to drop privileges, not every call that invokes them -- or are you going to declare the fact that fopen() doesn't drop privileges a "bug"? .pm
- Next message: Allanah Myles: "Re: Sun libnsl lameness"
- Previous message: Duncan Simpson: "ncurses 4.1 security bug"
- In reply to: Duncan Simpson: "ncurses 4.1 security bug"
- Next in thread: Alan Cox: "Re: ncurses 4.1 security bug"