oss-sec mailing list archives
Re: Multiple telnet.c overflows
From: Tavis Ormandy <taviso () google com>
Date: Wed, 12 Dec 2018 11:59:12 -0800
On Wed, Dec 12, 2018 at 11:15 AM Bob Friesenhahn <bfriesen () simple dallas tx us> wrote:
On Wed, 12 Dec 2018, Tavis Ormandy wrote:It's not that environment handling is a non-issue, I've reported dozens over the years, it's just that it requires a privilege boundary. For example, setuid binaries are the classic example.Is a network connection between two machines not a 'privilege boundary'? If the remote machine has the ability to subvert the accessing machine (e.g. by transmitting something which causes harm to the client) then that seems to qualify.
That would certainly qualify, but the attack your describing does not seem relevant to this bug, no? Tavis.
Current thread:
- Multiple telnet.c overflows Hacker Fantastic (Dec 11)
- Re: Multiple telnet.c overflows Alan Coopersmith (Dec 11)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 12)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Bob Friesenhahn (Dec 12)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 12)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 14)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Alan Coopersmith (Dec 11)