OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: SysVinit audit: mesg and wall
From: Marco d'Itri (mdlinux.it)
Date: Thu Sep 07 2000 - 05:21:22 CDT


On Sep 07, Tim Robbins <fyrebox3n.gumbynet.org> wrote:

>> > A month or so ago I sent a patch that fixed the overflow. The maintainer's
>> > response was that this was not important since wall does not run suid or
>> > sgid.
>> I find it hard to believe he said that, considering he maintains the
>> Debian package as well which does install wall setgid tty.
>Yeah, I found it hard to believe myself. Maybe I confused him or
>something, and I can't find a copy of the email he wrote me anymore. He
I really think you are, because I'm the new maintainer of the
bsdmainutils package and I don't remember receiving any patch about
buffer overflows.
Note that the debian version of wall is ported from FreeBSD.

-- 
ciao,
Marco