Re: StackGuard

To: debian-devel@lists.debian.org
Subject: Re: StackGuard
From: Kalle Niemitalo <tosi@ees2.oulu.fi>
Date: 10 Nov 1998 01:04:57 +0200
Message-id: <[🔎] iznyapkqxgm.fsf@stekt41.oulu.fi>
In-reply-to: David Welton's message of Mon, 9 Nov 1998 12:38:43 -0800
References: <[🔎] Pine.LNX.3.96.981109093058.4981A-100000@arena.sci.univr.it> <[🔎] 19981109115548.A25102@wi.leidenuniv.nl> <[🔎] 19981109153108.A30276@worldvisions.ca> <[🔎] 19981109123843.C3731@gate.cks.com>

David Welton <davidw@gate.cks.com> writes:

> You also have to look at what programs root runs on tainted data.
> Remember the big fiasco with 'update' or whatever it was a while ago?
> Didn't it turn out to be 'find' or something?  Don't recall the
> specifics, but it certainly wasn't an suid program.

Is somewhere a list of programs considered safe to be called from
privileged scripts etc.?

-- 
Kalle Olavi Niemitalo <tosi@stekt.oulu.fi>, http://stekt.oulu.fi/~tosi/

Reply to:

References:
- StackGuard
  - From: Enrico Cherubini <kevin@arena.sci.univr.it>
- Re: StackGuard
  - From: "J.H.M. Dassen \(Ray\)" <jdassen@wi.leidenuniv.nl>
- Re: StackGuard
  - From: Avery Pennarun <apenwarr@worldvisions.ca>
- Re: StackGuard
  - From: David Welton <davidw@gate.cks.com>

Prev by Date: mutt in slink but not potato?
Next by Date: Re: Cluster Administration
Previous by thread: Re: StackGuard
Next by thread: Re: StackGuard
Index(es):
- Date
- Thread