reopen 475733 thanks Hi, * Helmut Grohne <[EMAIL PROTECTED]> [2008-04-13 16:36]: > > * Dropped 05_setuid.diff as it can cause a root exploit. (Closes: > > #475733) > > This is not enough, because it still has seved set userid and is > exploitable: [...] As stated before the code only changes the effective user id and thus any overflow that ships a seteuid(0) in the shell code can get the privileges back. Please drop the privileges properly or fix the buffer overflow.
Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpt1WkV4aM1S.pgp
Description: PGP signature
