Re: Privsec vuln in beep / Code execution in GNU patch

[Sebastian Krahmer <half.linked.list () gmail com>]

Hi

 : 
> If anyone knows the background of this please share it.

lulz. There is indeed a double free of console_device,
if a SIGINT is caught right before main() returns.
(Looking at git dbf0b4). Besides the easter egg, the patch
is still wrong. optarg may be reused via console_device, so the strdup()
is OK, but the ressource-free and signal handling isnt.

Shouts to the beep trolls. I strongly challenge the oppinion that security
is better done without it ...

Brave Knights who found issues in such small code base.

lg
-s


-- 

~
~ perl <-> $_='print"\$_=\47$_\47;eval"';eval
~ bash <-> $(curl stealth.openwall.net/null/nuts.txt)