Re: Results of environment variable fuzzing Debian 5.05 SUID/SGIDs
Hi,
On Tue, Jan 18, 2011 at 09:15:46AM +0000, Steve Kemp wrote:
> On Tue Jan 18, 2011 at 13:49:23 +1100, Silvio Cesare wrote:
>
> > lbreakout2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608980
>
> That could well be a duplicate of CAN-2004-0158, which was fixed
> in Woody:
>
> http://lists.debian.org/debian-changes/2004/02/msg00029.html
lbreakout2 drops setgid immediately after opening the highscore file. This
crash isn't a security issue. (I've updated the bug report too.)
--
Kees Cook @debian.org
Reply to: