Bugtraq mailing list archives
Re: ncurses 4.1 security bug
From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Sun, 12 Jul 1998 08:51:52 -0400
Theo de Raadt:
I've been told that vmailer calls issetugid() for similar reasons (if it exists, which means OpenBSD or FreeBSD, though the FreeBSD semantics are a tiny little bit different). (Wietse helped me clean up the man page).
This is correct (and thanks for acking my little contribution). Although no VMailer program is set-uid or set-gid itself, some programs might be called from one that is set-uid/set-gid, and therefore I attempt to take proper precautions. Just trying to stay abreast of the next couple waves of "new" security holes :-) Wietse PS. Yes, I know www.vmailer.org is down. I'll see what I can do.
Current thread:
- ncurses 4.1 security bug Duncan Simpson (Jul 07)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 08)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Warner Losh (Jul 09)
- Re: ncurses 4.1 security bug David Schwartz (Jul 09)
- Re: ncurses 4.1 security bug matthew green (Jul 10)
- Re: ncurses 4.1 security bug Theo de Raadt (Jul 10)
- Re: ncurses 4.1 security bug Wietse Venema (Jul 12)
- Seattle Lab fixes security issue in SLmail Aleph One (Jul 12)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
- Re: ncurses 4.1 security bug David Schwartz (Jul 09)
- sshd gives out version number Tom Dyas (Jul 09)
- Re: Forwared to me Solar Designer (Jul 09)
- Remote count.cgi exploit mods _ _ (Jul 09)
- Re: Remote count.cgi exploit mods Gus (Jul 11)