Re: buffer overflow in /bin/gzip?
On Wed, 21 Nov 2001, Guillaume Morin wrote:
> Dans un message du 20 nov à 23:33, Anders Gjære écrivait :
> >
> > in gzip.c
> >
> > the line:
> > strcpy(nbuf,dir);
> >
> > should maybe be replaced with:
> > strncpy(nbuf, dir,sizeof(nbuf));
>
> gzip runs with user privileges, therefore this is not a security
> problem.
>
That is extremely sill and short sighted. What happens if root runs
gzip, for example root unzipping a tar ball for some new software.
To say it runs at user privileges *does not* stop it being a security
problem.
Benno
Reply to: