[19246] in bugtraq
Re: vixie cron possible local root compromise
daemon@ATHENA.MIT.EDU (Peter W)
Thu Feb 15 20:15:02 2001
Message-Id: <20010215145856.C14744@usa.net>
Date: Thu, 15 Feb 2001 14:58:56 -0500
Reply-To: Peter W <peterw@USA.NET>
From: Peter W <peterw@USA.NET>
X-To: Arthur Clune <arthur@CLUNE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.SGI.4.31.0102141708560.383364-100000@tardis.york.ac.uk>;
    from arthur@CLUNE.ORG on Wed, Feb 14, 2001 at 05:12:04PM +0000

I can't believe how much has been written about an issue
that's apparently fixed with a few lines of code.

More patches, less pedantic finger pointing. Bottom line
is the app does not, cannot enforce length constraints on
usernames, so it needs to do proper bounds checking.

-Peter