Date: Tue, 18 Jul 2006 14:32:41 +0200 From: =?ISO-8859-1?Q?Cl=E9ment_Lecigne?= <clemun@gmail.com> To: freebsd-security@FreeBSD.ORG Subject: Re: Vulnerability in vixie cron? Message-ID: <44BCD4E9.404@gmail.com> In-Reply-To: <200607181158.k6IBwsZJ099625@lurza.secnetix.de> References: <200607181158.k6IBwsZJ099625@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Oliver Fromme wrote: > Hi, > > (...) > > Any information would be appreciated. > This issue was already discussed few weeks ago on this list. http://lists.freebsd.org/pipermail/freebsd-hackers/2006-June/016729.html In default configuration, this issue is not exploitable because a call to setuid(2) could fail only for non-root user. Anyway setuid(2) return value must be always checked and I guess this issue was fixed in HEAD and probably in RELENG_6 ? Sincerely, Clem
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44BCD4E9.404>