From owner-cvs-src@FreeBSD.ORG  Wed Nov 22 21:59:13 2006
Return-Path: <owner-cvs-src@FreeBSD.ORG>
X-Original-To: cvs-src@FreeBSD.org
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id CE4CC16A412
	for <cvs-src@FreeBSD.org>; Wed, 22 Nov 2006 21:59:13 +0000 (UTC)
	(envelope-from cperciva@freebsd.org)
Received: from pd4mo1so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net
	[24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id F229C43D79
	for <cvs-src@FreeBSD.org>; Wed, 22 Nov 2006 21:58:33 +0000 (GMT)
	(envelope-from cperciva@freebsd.org)
Received: from pd5mr5so.prod.shaw.ca
	(pd5mr5so-qfe3.prod.shaw.ca [10.0.141.181]) by l-daemon
	(Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004))
	with ESMTP id <0J9500GWCJNVFJ10@l-daemon> for cvs-src@FreeBSD.org; Wed,
	22 Nov 2006 14:57:31 -0700 (MST)
Received: from pn2ml3so.prod.shaw.ca ([10.0.121.147])
	by pd5mr5so.prod.shaw.ca (Sun Java System Messaging Server 6.2-7.05
	(built Sep
	5 2006)) with ESMTP id <0J95006EXJNS08S0@pd5mr5so.prod.shaw.ca> for
	cvs-src@FreeBSD.org; Wed, 22 Nov 2006 14:57:31 -0700 (MST)
Received: from hexahedron.daemonology.net ([24.82.18.31])
	by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15
	2004))
	with SMTP id <0J9500JWOJNRQI30@l-daemon> for cvs-src@FreeBSD.org; Wed,
	22 Nov 2006 14:57:28 -0700 (MST)
Received: (qmail 7631 invoked from network); Wed, 22 Nov 2006 21:57:17 +0000
Received: from unknown (HELO ?127.0.0.1?) (127.0.0.1)
	by localhost with SMTP; Wed, 22 Nov 2006 21:57:17 +0000
Date: Wed, 22 Nov 2006 13:57:16 -0800
From: Colin Percival <cperciva@freebsd.org>
In-reply-to: <200611222105.kAML5I4L067230@repoman.freebsd.org>
To: Maxim Konovalov <maxim@FreeBSD.org>
Message-id: <4564C7BC.6080405@freebsd.org>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 7bit
X-Enigmail-Version: 0.94.0.0
References: <200611222105.kAML5I4L067230@repoman.freebsd.org>
User-Agent: Thunderbird 1.5 (X11/20060416)
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/banner banner.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Nov 2006 21:59:13 -0000

Maxim Konovalov wrote:
>   Modified files:
>     usr.bin/banner       banner.c 
>   Log:
>   o Check that -w width is not above maximum.  Use DWIDTH instead of
>   hardcoded constant.
>   
>   Reported by:    Gruzicki Wlodek on BugTraq
>   Obtained from:  NetBSD, OpenBSD
>   MFC after:      1 week

Security:	Possible privilege escalation, if you have a practice of
		going around and applying the suid bit randomly.

Colin Percival