[319] in linux-security and linux-alert archive
Re: Security Problem with DOSEMU
daemon@ATHENA.MIT.EDU (Michael E. Deisher)
Mon Aug 14 06:55:52 1995
Date: Sat, 12 Aug 1995 12:55:22 -0700
From: "Michael E. Deisher" <deisher@enws261.EAS.ASU.EDU>
To: okir@monad.swb.de
Cc: linux-security@tarsier.cv.nrao.edu, macleajb@ednet.ns.ca,
deisher@enws261.EAS.ASU.EDU
In-Reply-To: <m0shL4w-00005HC@monad.swb.de> (okir@monad.swb.de)
On Sat, 12 Aug 1995 20:14:37 +0200 (MET DST), okir@monad.swb.de (Olaf Kirch) said:
> Hello all,
> Matt Welsh just forwarded me another post by Frank Lofaro. Can
> anyone confirm or deny this? I don't even understand what his code's
> doing...
> Olaf
I'll forward your message to the dosemu developers list. However, my
understanding is that this is a well known problem with dosemu.
Anyone who looks at the dosemu docs knows that it is ALPHA software
and that it runs setuid root. ALPHA testers should know up front that
they are taking a risk when they run it. It is probably not a good
idea to run dosemu (I'm talking about the ALPHA versions) on a machine
where a high level of security is required.
--Mike
