oss-sec mailing list archives
Re: Multiple telnet.c overflows
From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Wed, 12 Dec 2018 13:10:24 -0600 (CST)
On Wed, 12 Dec 2018, Tavis Ormandy wrote:
> It's not that environment handling is a non-issue, I've reported dozens over the years, it's just that it requires a privilege boundary. For example, setuid binaries are the classic example.
Is a network connection between two machines not a 'privilege boundary'? If the remote machine has the ability to subvert the accessing machine (e.g. by transmitting something which causes harm to the client) then that seems to qualify.
Bob
--
Bob Friesenhahn
bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
Public Key, http://www.simplesystems.org/users/bfriesen/public-key.txt