Re: ddd smashed

[Pavel Kankovsky <peak () argo troja mff cuni cz>]

On 15 Jan 2002, l0rt wrote:

> Program  : ddd
> OS       : Linux
> DISTRO   : RedHat 7.1
> Issue    : 0x41414141 (no core tho)
> Home Page: http://www.gnu.org/software/ddd/
> suid     : No
> sgid     : No
> Issue    : ddd may be called by an suid helper binary and could be      
> exploited to gain local root access.

Why the hell would anyone ever want to invoke a *debugger* frontend via a
setuid helper?! Anyone stupid enough to do anything like that would create
multiple security holes an order of magnitude bigger than this little 
buffer overflow in ddd!

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."