Re: Security hole in setuid packages
Daniel Quinlan wrote:
>> [...]
>> Anyway, here is my procedure for looking for likely vulnerable
>> programs.
>> [...]
>> -rwsr-xr-x 1 man root 66701 Jul 7 13:56 man
>> -rwsr-xr-x 1 man root 52521 Jul 7 13:56 mandb
>> [...]
Fabrizio Polacco <fpolacco@megabaud.fi> writes:
> Are these "vulnerable programs"? Please tell me why.
Probably not. I was one of the testers of mandb during its
development; the author was very careful to design the program to be
secure. Since it is setuid man, only the man page cache can be
compromised if something goes wrong.
Dan