oss-sec mailing list archives
Re: siege: off-by-one in load_conf()
From: "Jason A. Donenfeld" <zx2c4 () gentoo org>
Date: Mon, 20 Jul 2015 15:23:23 +0200
Hi folks, Chiming in on behalf of Gentoo Security Team. Bug report here, see comment 5: https://bugs.gentoo.org/show_bug.cgi?id=554914#c5 In sum, I also fail to see how this is a security issue. Does anybody make siege SUID, or give it untrusted input, or anything like that? @ago - what's the attack vector you have in mind with this bug? Feel free to find me in #gentoo-security if you want to work out conversationally what you have in mind with this finding. Jason
Current thread:
- siege: off-by-one in load_conf() Agostino Sarubbo (Jul 14)
- Re: siege: off-by-one in load_conf() Seth Arnold (Jul 14)
- Re: siege: off-by-one in load_conf() Agostino Sarubbo (Jul 14)
- Re: siege: off-by-one in load_conf() Jason A. Donenfeld (Jul 20)
- Re: siege: off-by-one in load_conf() Agostino Sarubbo (Jul 14)
- Re: siege: off-by-one in load_conf() Seth Arnold (Jul 14)