Bugtraq mailing list archives
Re: ncurses 4.1 security bug
From: perry () piermont com (Perry E. Metzger)
Date: Tue, 7 Jul 1998 19:28:28 -0400
Duncan Simpson writes:
ncurses version 4.1 fails to drop priviledges before opening the termcap database and you can set any file(s) you like.
This is not a bug. ncurses is a *library*, not a *program*. It is up to suid programs to drop privileges, not every call that invokes them -- or are you going to declare the fact that fopen() doesn't drop privileges a "bug"? .pm
Current thread:
- ncurses 4.1 security bug Duncan Simpson (Jul 07)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 08)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Warner Losh (Jul 09)
- Re: ncurses 4.1 security bug David Schwartz (Jul 09)
- Re: ncurses 4.1 security bug matthew green (Jul 10)
- Re: ncurses 4.1 security bug Theo de Raadt (Jul 10)
- Re: ncurses 4.1 security bug Wietse Venema (Jul 12)
- Seattle Lab fixes security issue in SLmail Aleph One (Jul 12)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
- Re: ncurses 4.1 security bug David Schwartz (Jul 09)