Re: Bug#27050 (fdutils): A cause for security concern?
I wrote:
> I looked around in the code a bit more and found a few dubious looking
> sprintf's. What else should I look for? I already checked for 'system'
> and 'execve'.
Wichert Akkerman writes:
> Please do so.
Please do *what*?
As I noted, there are no calls to system or its ilk. I know how to fix the
sprintf's. My plan now is to analyze the path followed by strings from
input to consumption. The control port is protected by a password: I'll
look for holes in the password checking.
What else?
--
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI
Reply to: