[15930] in Kerberos-V5-bugs
[krbdev.mit.edu #8661] ksu segfaults when argc == 0
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Sun Apr 1 13:21:16 2018
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8661@krbdev.mit.edu>
Message-ID: <rt-8661-48364.16.4324964024198@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8661'":;
Date: Sun, 1 Apr 2018 13:21:04 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
I think just about all of the programs in the krb5 source tree will seg
fault when argc is 0, and I'm generally not concerned about that. It
might make sense for ksu to be careful because it's setuid, although I
don't think getting a setuid program to perform a null dereference
constitutes a vulnerability (I don't think operating systems allow
setuid programs to dump core, for instance).
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs