Date: Fri, 08 Sep 2000 12:20:25 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: "Vladimir Mencl, MK, susSED" <mencl@nenya.ms.mff.cuni.cz>
Cc: David Pick <D.M.Pick@qmw.ac.uk>, freebsd-security@freebsd.org, security-officer@freebsd.org
Subject: Re: UNIX locale format string vulnerability (fwd)
Message-ID: <15241.968408425@axl.fw.uunet.co.za>
In-Reply-To: Your message of "Fri, 08 Sep 2000 12:07:18 +0200." <Pine.GSO.4.10.10009081156510.7783-100000@nenya.ms.mff.cuni.cz>

On Fri, 08 Sep 2000 12:07:18 +0200, "Vladimir Mencl, MK, susSED" wrote:

> > It would be *much* safer to adopt a "deny all and only allow a
> > list of variables that are known to be safe and wanted" approach
> > rather than a "block the ones we know are unsafe and miss blocking
> > a few we don't know about".
>
> Yes, that is the correct approach.

So which one of you gentlemen is going to take this up with the sudo
developer, Todd Miller <Todd.Miller@cs.colorado.edu>? Or are you both
just talking for the sake of being heard? :-)

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
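
The allowlist approach quoted in this message, next to the denylist it argues against, as an added example that is not part of the original e-mail and is not sudo's code. The variable lists, the sample environment and the function names are assumptions chosen for illustration.

```c
#include <string.h>

/* Illustrative lists (assumptions, not sudo's actual tables). */
static const char *const DENY[]  = { "LD_PRELOAD", "LD_LIBRARY_PATH", "IFS" };
static const char *const ALLOW[] = { "TERM", "HOME", "USER", "TZ" };

/* Constructed sample environment; NLSPATH is on neither list. */
static char *const SAMPLE_ENV[] = {
    "TERM=xterm", "LD_PRELOAD=/tmp/x.so", "NLSPATH=/tmp/msgs", "HOME=/root", NULL
};

/* 1 if entry "NAME=value" has a name in list; malformed entries never match. */
static int name_in(const char *entry, const char *const *list, size_t n)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;
    size_t len = (size_t)(eq - entry);
    for (size_t i = 0; i < n; i++)
        if (strlen(list[i]) == len && strncmp(entry, list[i], len) == 0)
            return 1;
    return 0;
}

/* Copy kept entries of envp into out (NULL-terminated, cap slots).
 * allowlist != 0: keep only ALLOW names. allowlist == 0: drop only DENY names.
 * Returns the number of entries kept. */
size_t filter_env(char *const envp[], const char *out[], size_t cap, int allowlist)
{
    size_t kept = 0;
    if (cap == 0)
        return 0;
    for (size_t i = 0; envp[i] != NULL && kept + 1 < cap; i++) {
        int keep = allowlist ? name_in(envp[i], ALLOW, sizeof ALLOW / sizeof *ALLOW)
                             : !name_in(envp[i], DENY, sizeof DENY / sizeof *DENY);
        if (keep)
            out[kept++] = envp[i];
    }
    out[kept] = NULL;
    return kept;
}

/* 1 if the filtered environment still carries the named variable. */
int env_has(const char *const env[], const char *name)
{
    for (size_t i = 0; env[i] != NULL; i++)
        if (name_in(env[i], &name, 1))
            return 1;
    return 0;
}
```

With the denylist, a variable nobody thought to list passes through to the privileged program; with the allowlist the same variable is dropped without anyone having to know it was dangerous.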