OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
SuSE security discussion: Re: [suse-security] Correction: was :

Re: [suse-security] Correction: was :(re: [suse-security] netscape call chown)

Subject: Re: [suse-security] Correction: was :(re: [suse-security] netscape call chown)
From: Roman Drahtmueller (drahtuni-freiburg.de)
Date: Wed Jan 19 2000 - 01:21:51 CST

> >> today i found that netscape calls "chown".
>
> not chown, but chmod.
>
> > Send bug reports concerning non-open-source programs to the authors.
> > We can't fix bugs w/o source code.
>
> that's what i did. send it to netscape.
>
> but that's not only a bug. it's a security-hole too isn't it?

I still wonder where the problem is with that. While it may be a nasty
habit to do a system("chmod...") instead of chmod(2), I don't see a
security-related problem unless the PATH is messed up.

And since I'm certain that users don't run netscape as root (*g*), the
chown shouldn't do any harm, too.

Roman. 

-- 
 _                                                                   _
| Roman Drahtmüller               "Freedom means that you can choose  |
  CC University of Freiburg        what you want to learn at a given  
| email: drahtuni-freiburg.de     time."            A. Becker, 1999  |
 -                                                                   -
People often find it easier to be a result of the past than a cause of
the future.

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com

This archive was generated by hypermail 2b27 : Wed Jan 19 2000 - 01:23:12 CST