|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: ncurses 4.1 security bug
Wietse Venema (wietse
PORCUPINE.ORG)Sun, 12 Jul 1998 08:51:52 -0400
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Aleph One: "Seattle Lab fixes security issue in SLmail"
- Previous message: Gene Spafford: "Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)"
- In reply to: Theo de Raadt: "Re: ncurses 4.1 security bug"
- Next in thread: David Schwartz: "Re: ncurses 4.1 security bug"
Theo de Raadt:
> I've been told that vmailer calls issetugid() for similar reasons (if
> it exists, which means OpenBSD or FreeBSD, though the FreeBSD
> semantics are a tiny little bit different). (Wietse helped me clean
> up the man page).
This is correct (and thanks for acking my little contribution).
Although no VMailer program is set-uid or set-gid itself, some
programs might be called from one that is set-uid/set-gid, and
therefore I attempt to take proper precautions.
Just trying to stay abreast of the next couple waves of "new"
security holes :-)
Wietse
PS. Yes, I know www.vmailer.org is down. I'll see what I can do.
- Next message: Aleph One: "Seattle Lab fixes security issue in SLmail"
- Previous message: Gene Spafford: "Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)"
- In reply to: Theo de Raadt: "Re: ncurses 4.1 security bug"
- Next in thread: David Schwartz: "Re: ncurses 4.1 security bug"