[529] in bugtraq
Re: Yesterday this would have worked... (fwd)
daemon@ATHENA.MIT.EDU (Timothy Newsham)
Sat Dec 17 14:57:19 1994
From: Timothy Newsham <newsham@wiliki.eng.hawaii.edu>
To: mouse@Collatz.McRCIM.McGill.EDU (der Mouse)
Date: Sat, 17 Dec 1994 08:50:51 -1000 (HST)
Cc: bugtraq@fc.net
In-Reply-To: <199412171234.HAA01901@Collatz.McRCIM.McGill.EDU> from "der Mouse" at Dec 17, 94 07:34:50 am
> Looks to me as though exec() sets the UID on the process per setuid
> bits before it checks for arguments too long, and doesn't take care to
> undo this properly in that case.
>
[..]
>
> Depends on where the bug came from. If it's one of those ever-since-V7
> bugs it should be widespread; if it's a fumble-fingers mistake from
> BSDI it's probably not elsewhere. I'm sure everyone can imagine
> variations. I'm certainly going to test _my_ systems!
It might be a fumble at sctc when adding the type system. Ie:
exec() sets type to mail, exec fails, type remains in place.
> der Mouse
> mouse@collatz.mcrcim.mcgill.edu
