Bugtraq mailing list archives
Re: security hole in mailx
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Thu, 25 Jun 1998 12:07:18 -0600
Of course the OpenBSD mailx program isn't setuid or setgid. But we did an audit of the source code anyways. This particular buffer overflow isn't possible in our code, since $HOME is ignored the moment it becomes longer than MAXPATHNAMELEN. We found and fixed numerous other problems in mailx. If anyone intends to make this program setuid or setgid, they need to do a significant amount of work... or just copy our code. But I don't gaurantee all problems are fixed in our version... since we are not running setgid. We use a different mechanism for mail spool locking.
Current thread:
- Re: textcounter.pl SECURITY HOLE, (continued)
- Re: textcounter.pl SECURITY HOLE Rich Lafferty (Jun 24)
- Yipes named attack Anonymous (Jun 24)
- security hole in mailx Alvaro Martinez Echevarria (Jun 24)
- Re: security hole in mailx gold (Jun 25)
- Re: security hole in mailx Casper Dik (Jun 25)
- Bug is sudo? Rhodie (Jun 25)
- Re: Bug is sudo? Warner Losh (Jun 26)
- Re: Bug is sudo? Todd C. Miller (Jun 27)
- Re: security hole in mailx Alvaro Martinez Echevarria (Jun 25)
- Re: security hole in mailx Ben Collins (Jun 25)
- Re: security hole in mailx Theo de Raadt (Jun 25)
- guestbook script is still vulnerable under apache Stunt Pope (Jun 25)
- Re: guestbook script is still vulnerable under apache Theo Van Dinter (Jun 25)
- Re: guestbook script is still vulnerable under apache Andru Luvisi (Jun 25)
- Re: guestbook script is still vulnerable under apache Lincoln Stein (Jun 26)
- dip-3.3.7p exploit (stackpatch_ Thomas Troeger (Jun 26)
- And another qpopper overflow (does this make 3?) Aaron D. Gifford (Jun 28)
- Re: dip-3.3.7p exploit (stackpatch_ M.C.Mar (Jun 28)
- WIPO Bill Aleph One (Jun 25)
- Re: guestbook script is still vulnerable under apache Dean Gaudet (Jun 25)
- Re: guestbook script is still vulnerable under apache Lars Eilebrecht (Jun 25)