Re: Security hole in setuid packages
Daniel Quinlan wrote:
>> Anyway, here is my procedure for looking for likely vulnerable
>> -rwsr-xr-x 1 man root 66701 Jul 7 13:56 man
>> -rwsr-xr-x 1 man root 52521 Jul 7 13:56 mandb
Fabrizio Polacco <email@example.com> writes:
> Are these "vulnerable programs" ? Please, tell me why.
Probably not. I was one of the testers of mandb during its
development; the author was very careful to design the program to be
secure. Since it is setuid man, only the man page cache can be
compromised if something goes wrong.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com