[3590] in bugtraq
Re: ppl bugs
daemon@ATHENA.MIT.EDU (Stefan Zehl)
Mon Nov 4 17:06:01 1996
Date: Mon, 4 Nov 1996 20:44:09 GMT
Reply-To: Stefan Zehl <sec@wg.camelot.de>
From: Stefan Zehl <sec@wg.camelot.de>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In article <199611040954.EAA08420@netspace.org>, Walter Misar wrote:
> This two questions came to mind after reading about the ppl holes:
>
> Why is it necessary that /usr/spool/ppl is world writable ?
>
> Why does ppl dump core on buffer overflow ? Does it perhaps change it=
's real
> uid to 0 ?
Thats at least written on the Hp-Bug Web-Page
: ... the setuid root ppl conveniently turns your real uid to 0 before
: doing the string manipulation, and ...
CU,
Sec
--
Jeder Tag an dem du nicht l=E4chelst, ist ein verlorener Tag. (C. Chap=
lin)
Hiroshima '45 Tsjernobyl '86 Windows '95
Black holes are where GOD is dividing by zero
