oss-sec mailing list archives

Re: Multiple telnet.c overflows


From: Bob Friesenhahn <bfriesen () simple dallas tx us>
Date: Wed, 12 Dec 2018 13:10:24 -0600 (CST)

On Wed, 12 Dec 2018, Tavis Ormandy wrote:

> It's not that environment handling is a non-issue, I've reported
> dozens over the years, it's just that it requires a privilege
> boundary. For example, setuid binaries are the classic example.

Is a network connection between two machines not a 'privilege boundary'? If the remote machine has the ability to subvert the accessing machine (e.g. by transmitting something which causes harm to the client) then that seems to qualify.

Bob
--
Bob Friesenhahn
bfriesen () simple dallas tx us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
Public Key,     http://www.simplesystems.org/users/bfriesen/public-key.txt

