Date:      Thu, 7 Sep 2000 11:34:20 +0200
From:      Neil Blakey-Milner <nbm@mithrandr.moria.org>
To:        "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: UNIX locale format string vulnerability (fwd)
Message-ID:  <20000907113419.A38101@mithrandr.moria.org>
In-Reply-To: <Pine.GSO.4.10.10009071052480.11627-100000@nenya.ms.mff.cuni.cz>; from mencl@nenya.ms.mff.cuni.cz on Thu, Sep 07, 2000 at 10:56:59AM +0200
References:  <20000907104925.A37872@mithrandr.moria.org> <Pine.GSO.4.10.10009071052480.11627-100000@nenya.ms.mff.cuni.cz>

On Thu 2000-09-07 (10:56), Vladimir Mencl, MK, susSED wrote:
> > Why would someone install the sudo RedHat package on FreeBSD?
> 
> sudo is a FreeBSD port, and is distributed in the set of precompiled
> packages, for quite a long time, and is of course included in the package
> set of the 4.1 release - sudo-1.6.3.4.tgz
> 
> And sudo is a nice tool for delegating certain privileges to users,
> that's why I installed it. It's surely more secure, than telling
> everybody the root password - although you have to be careful not to
> create a security hole.

I understand sudo is a FreeBSD package.  However, its insecurity has
nothing to do with the glibc locale bug, so it should be investigated in
its own context.

I imagine bringing it to the attention of the sudo developers would be a
good idea.  I'd be surprised if they didn't fix it once aware of it.

(I don't use sudo.  Custom setuid scripts with rcs-aware editors running
as user are usually much better.)

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org

