Date: Mon, 24 Mar 1997 10:07:36 -0700 From: Warner Losh <imp@village.org> To: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.ru> Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-lib@freefall.freebsd.org Subject: Re: cvs commit: src/lib/libc/stdtime localtime.c Message-ID: <E0w9DDd-0005Ii-00@rover.village.org> In-Reply-To: Your message of "Mon, 24 Mar 1997 19:20:42 %2B0300." <Pine.BSF.3.95q.970324191537.2099B-100000@nagual.ru> References: <Pine.BSF.3.95q.970324191537.2099B-100000@nagual.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <Pine.BSF.3.95q.970324191537.2099B-100000@nagual.ru> =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= writes: : privs initially on : privs off (by program) : (your check shows nothing and allow some flexibility) : intruder write some nasty code to the stack : privs on (by program) : He got priveledges! Yes. I understand this. This particular change however is just for what files are opened, rather than to guard against buffer overflows. I also understand that other of my patches are vulnerable to this too, but at least some of the holes are closed, and the code is well marked for when I see issetugid() goes into the kernel. There is no false sense of security, because I know the problem isn't completely solved :-). Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0w9DDd-0005Ii-00>