[19004] in bugtraq
Re: SuSe / Debian man package format string vulnerability
daemon@ATHENA.MIT.EDU (Valdis Kletnieks)
Mon Feb 5 01:49:48 2001
Message-ID: <200102050512.f155CVV19060@foo-bar-baz.cc.vt.edu>
Date: Mon, 5 Feb 2001 00:12:31 -0500
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis Kletnieks <Valdis.Kletnieks@VT.EDU>
X-To: Robert van der Meulen <rvdm@CISTRON.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Sun, 04 Feb 2001 01:48:34 +0100." <20010204014834.A1351@lin-gen.com>

On Sun, 04 Feb 2001 01:48:34 +0100, Robert van der Meulen <rvdm@CISTRON.NL> said:
> Just for the record:
> on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
> this doesn't impose a security problem.

Although it may not apply to *this* *particular* issue, let's all not
forget that just because something is not suid/sgid it's not a security
issue. I'm sure that both 'man' and 'm4' get run a *lot* as root, and
have we forgotten the .sy nroff command and trojan manpages? ;)

It will be a security problem as soon as somebody finds a way to get
root to run 'man -l %n' or 'm4 -G %n'.... ;)

Valdis Kletnieks
Operating Systems Analyst
Virginia Tech