Bugtraq mailing list archives
Re: ncurses 4.1 security bug
From: mrg () ETERNA COM AU (matthew green)
Date: Fri, 10 Jul 1998 19:35:50 +1000
> > > 1. The libraries will use message catalogs and may open them before
> > > you do
> >
> > In NetBSD, the message catalogs we use don't work that way, so I
> > suppose I'm not familiar with this issue.
>
> Does libc load message databases of your choice - like say /dev/tape ?
>
> The problems are those of dropping privileges early enough. As to the
> bug list that's real apps that need fixing - and should be fixed
> regardless of whether people bandaid ncurses.

how do you fix this? how does a _library_ know this? openbsd has
defined an issetugid() syscall (or something) that libraries could use
to ignore the things like $TAPE and $TERMCAP, etc., but that isn't
correct. how does it know what the real userid _really_ is, to perform
the necessary checks on whether a file will be used or not -- or do you
simply say that privileged programs don't get this functionality?

i also don't see how the linux setfsuid() really helps here, either.

i've had fixing this problem in my TODO list for over 2 years but
without a total solution i've left it as is for now.

these are the variables listed that NetBSD uses that i've determined are
affected:

- TZ
- TERMCAP
- HOSTALIASES
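The mitigation the message argues about, as an added example that is not code from this thread, from ncurses or from NetBSD libc: a library asks the system whether the process was started set-uid/set-gid and, if so, ignores a file-naming environment variable such as TERMCAP in favour of its compiled-in default. The BSD branch uses issetugid(2) as the post describes; the Linux branch is a substitution not mentioned in the thread (the kernel records the same fact in the AT_SECURE auxiliary-vector entry, readable with glibc's getauxval()); the last branch is the real-vs-effective id comparison, whose weakness is exactly the one the post raises. The termcap default path is a constructed placeholder, and the example handles only the file-naming form of $TERMCAP, not an inline termcap entry.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#ifdef __linux__
#include <sys/auxv.h>   /* getauxval(AT_SECURE): glibc >= 2.16 and musl */
#endif

/* Did this process start with privilege it did not inherit from the
 * invoking user (set-uid/set-gid exec)?
 *  - BSDs: issetugid(2) answers this, and it keeps answering "yes" even
 *    after the program has called setuid(getuid()).
 *  - Linux (substitution, not from the post): the kernel sets AT_SECURE
 *    in the auxiliary vector at exec time for the same situations.
 *  - Fallback: compare real and effective ids. This cannot see privilege
 *    that has already been dropped, which is the gap the post complains
 *    about: the library no longer knows what the real user was. */
int process_is_setugid(void)
{
#if defined(__OpenBSD__) || defined(__NetBSD__) || defined(__FreeBSD__)
    return issetugid();
#elif defined(__linux__)
    return getauxval(AT_SECURE) != 0;
#else
    return getuid() != geteuid() || getgid() != getegid();
#endif
}

/* Policy, kept apart from the system query so it can be tested in
 * isolation: in a set-id process a file-naming variable is ignored and
 * the compiled-in default is used; otherwise a non-empty value is honoured.
 * This is the "privileged programs don't get this functionality" choice. */
const char *pick_file_path(const char *env_value, const char *dflt, int setugid)
{
    if (setugid)
        return dflt;
    if (env_value == NULL || env_value[0] == '\0')
        return dflt;
    return env_value;
}

/* Library-side lookup for one of the variables named in the post.
 * "/usr/share/misc/termcap" is a constructed placeholder default. */
const char *termcap_path(void)
{
    return pick_file_path(getenv("TERMCAP"), "/usr/share/misc/termcap",
                          process_is_setugid());
}

int main(void)
{
    /* In an ordinary run TERMCAP=/dev/tape is honoured; in a set-id run
     * the default is used regardless of the environment. */
    printf("set-id exec: %s\n", process_is_setugid() ? "yes" : "no");
    printf("termcap file used: %s\n", termcap_path());
    return 0;
}
```

Running this once as a normal binary and once after chmod u+s shows the two outcomes; note that under the fallback branch a set-id program that has already dropped privilege is indistinguishable from a normal one, so a library cannot rely on that check alone.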
Current thread:
- ncurses 4.1 security bug Duncan Simpson (Jul 07)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 08)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Warner Losh (Jul 09)
- Re: ncurses 4.1 security bug David Schwartz (Jul 09)
- Re: ncurses 4.1 security bug matthew green (Jul 10)
- Re: ncurses 4.1 security bug Theo de Raadt (Jul 10)
- Re: ncurses 4.1 security bug Wietse Venema (Jul 12)
- Seattle Lab fixes security issue in SLmail Aleph One (Jul 12)
- Re: ncurses 4.1 security bug Alan Cox (Jul 08)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
- Re: ncurses 4.1 security bug David Schwartz (Jul 09)
- sshd gives out version number Tom Dyas (Jul 09)
- Re: Forwared to me Solar Designer (Jul 09)
- Remote count.cgi exploit mods _ _ (Jul 09)
- Re: Remote count.cgi exploit mods Gus (Jul 11)