From: Sebastian Krahmer (krahmersuse.de)
Date: Tue Feb 06 2001 - 09:29:58 CST


    hi,

    the format issue of man seems harmless.
    the bug lies in here

       /* XXX */
       if (!display (NULL, argv[optind], NULL,
                     basename(argv[optind]))) {
               error (0, errno, argv[optind]);
               exit_status = NOT_FOUND;
       }

    where error() is format-capable. However root privs are dropped before.
    So, you could gain a user-shell if you want.
    Please don't run man setgid, as man doesn't drop effective group ID.

    l8,
    Sebastian
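
The call pattern the message points at, next to the constant-format form, as an added example (not code from man or from the original mail). `report()` is a hypothetical stand-in for a format-capable function with the calling shape of `error()`, and the page name is a constructed value.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a format-capable reporter such as
 * error(status, errnum, format, ...). It formats into buf so the
 * result can be inspected. Not man's own code. */
static int report(char *buf, size_t len, const char *format, ...)
{
    va_list ap;
    int n;

    va_start(ap, format);
    n = vsnprintf(buf, len, format, ap);
    va_end(ap);
    return n;
}

/* Pattern from the mail: the caller-supplied name IS the format string,
 * so any directive inside it is interpreted. */
static int report_unsafe(char *buf, size_t len, const char *name)
{
    return report(buf, len, name);
}

/* Hardened form: constant format, the name is only ever data. */
static int report_safe(char *buf, size_t len, const char *name)
{
    return report(buf, len, "%s", name);
}

int main(void)
{
    /* Constructed argument. "%%" is a directive that consumes no
     * arguments, so the difference shows without undefined behaviour. */
    const char *name = "page%%name";
    char a[64], b[64];

    report_unsafe(a, sizeof a, name);
    report_safe(b, sizeof b, name);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

Declaring such a wrapper with GCC's `__attribute__((format(printf, ...)))` lets `-Wformat-security` flag the non-literal format at compile time.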
