Re: ppl bugs

[sec () wg camelot de (Stefan Zehl)]

In article <199611040954.EAA08420 () netspace org>, Walter Misar wrote:
> This two questions came to mind after reading about the ppl holes:
>
> Why is it necessary that /usr/spool/ppl is world writable ?
>
> Why does ppl dump core on buffer overflow ? Does it perhaps change it's real
> uid to 0 ?
Thats at least written on the Hp-Bug Web-Page
: ... the setuid root ppl conveniently turns your real uid to 0 before
: doing the string manipulation, and ...

CU,
        Sec

--
 Jeder Tag an dem du nicht lächelst, ist ein verlorener Tag. (C. Chaplin)
          Hiroshima '45    Tsjernobyl '86   Windows '95
          Black holes are where GOD is dividing by zero