
Re: Security hole in setuid packages

Daniel Quinlan wrote:

>> [...]
>> Anyway, here is my procedure for looking for likely vulnerable
>> programs.
>> [...]
>> -rwsr-xr-x   1 man      root        66701 Jul  7 13:56 man
>> -rwsr-xr-x   1 man      root        52521 Jul  7 13:56 mandb
>> [...]

Fabrizio Polacco <fpolacco@megabaud.fi> writes:

> Are these "vulnerable programs" ?  Please, tell me why.

Probably not.  I was one of the testers of mandb during its
development; the author was very careful to design the program to be
secure.  Since it is setuid man, only the man page cache can be
compromised if something goes wrong.

