Re: No root-compromising security holes
"Jakob Bøhm Jensen" <jbj@image.dk> writes:
> In a moment, I will send John Goerzen a copy of the secret document,
> which points out that at least 2 of the bugs can positively be
> invoked from the net.
I received the document and did a thorough check. There is no doubt
that there are buffer overflows (which is why the bug was not closed;
just downgraded) but there aren't root-compromising buffer overflows.
There may be a different hole, not reported specifically by Jakob (but
related to what he reports) dealing with a mimstaken treatment of real
uids and an undocumented feature. I am investigating.
--
John Goerzen Linux, Unix consulting & programming jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade) www.debian.org |
----------------------------------------------------------------------------+
Visit the Air Capital Linux Users Group on the web at http://www.aclug.org
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: