
Re: No root-compromising security holes



"Jakob Bøhm Jensen" <jbj@image.dk> writes:

> In a moment, I will send John Goerzen a copy of the secret document,
> which points out that at least 2 of the bugs can positively be
> invoked from the net.

I received the document and did a thorough check.  There is no doubt
that there are buffer overflows (which is why the bug was not closed;
just downgraded) but there aren't root-compromising buffer overflows.

There may be a different hole, not reported specifically by Jakob (but
related to what he reports) dealing with a mistaken treatment of real
uids and an undocumented feature.  I am investigating.

-- 
John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
----------------------------------------------------------------------------+
Visit the Air Capital Linux Users Group on the web at http://www.aclug.org

