Bugtraq mailing list archives

Re: ncurses 4.1 security bug

From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Sun, 12 Jul 1998 08:51:52 -0400


Theo de Raadt:

I've been told that vmailer calls issetugid() for similar reasons (if
it exists, which means OpenBSD or FreeBSD, though the FreeBSD
semantics are a tiny little bit different).  (Wietse helped me clean
up the man page).


This is correct (and thanks for acking my little contribution).
Although no VMailer program is set-uid or set-gid itself, some
programs might be called from one that is set-uid/set-gid, and
therefore I attempt to take proper precautions.

Just trying to stay abreast of the next couple waves of "new"
security holes :-)

        Wietse

PS. Yes, I know www.vmailer.org is down. I'll see what I can do.

Current thread:

ncurses 4.1 security bug Duncan Simpson (Jul 07)
- Re: ncurses 4.1 security bug Perry E. Metzger (Jul 07)
  - Re: ncurses 4.1 security bug Alan Cox (Jul 08)
    - Re: ncurses 4.1 security bug Perry E. Metzger (Jul 08)
    - Re: ncurses 4.1 security bug Alan Cox (Jul 08)
    - Re: ncurses 4.1 security bug Warner Losh (Jul 09)
    - Re: ncurses 4.1 security bug David Schwartz (Jul 09)
    - Re: ncurses 4.1 security bug matthew green (Jul 10)
    - Re: ncurses 4.1 security bug Theo de Raadt (Jul 10)
    - Re: ncurses 4.1 security bug Wietse Venema (Jul 12)
    - Seattle Lab fixes security issue in SLmail Aleph One (Jul 12)
    - Re: ncurses 4.1 security bug David Schwartz (Jul 09)
    - sshd gives out version number Tom Dyas (Jul 09)
  - Forwared to me Raymond Medeiros (Jul 08)
    - Re: Forwared to me Solar Designer (Jul 09)
    - Remote count.cgi exploit mods _ _ (Jul 09)
    - Re: Remote count.cgi exploit mods Gus (Jul 11)
    - Re: Forwared to me Raymond Medeiros (Jul 09)
    - socks5 1.0r5 buffer overflow.. Zach Brown (Jul 10)
    - Re: Forwared to me Toomas Soome (Jul 10)

(Thread continues...)