[7243] in bugtraq


Re: ncurses 4.1 security bug

daemon@ATHENA.MIT.EDU (Wietse Venema)
Mon Jul 13 15:45:26 1998

Date: 	Sun, 12 Jul 1998 08:51:52 -0400
Reply-To: Wietse Venema <wietse@PORCUPINE.ORG>
From: Wietse Venema <wietse@PORCUPINE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199807102055.OAA01580@cvs.openbsd.org> from Theo de Raadt at
              "Jul 10, 98 02:55:34 pm"

Theo de Raadt:
> I've been told that vmailer calls issetugid() for similar reasons (if
> it exists, which means OpenBSD or FreeBSD, though the FreeBSD
> semantics are a tiny little bit different).  (Wietse helped me clean
> up the man page).

This is correct (and thanks for acking my little contribution).
Although no VMailer program is set-uid or set-gid itself, some
programs might be called from one that is set-uid/set-gid, and
therefore I attempt to take proper precautions.

Just trying to stay abreast of the next couple waves of "new"
security holes :-)

        Wietse

PS. Yes, I know www.vmailer.org is down. I'll see what I can do.
