[Uisp-dev] Re: [Bug #1551] Buffer overflow causes crash in uisp on some
From: Seth LaForge
Subject: [Uisp-dev] Re: [Bug #1551] Buffer overflow causes crash in uisp on some s19 files
Date: Wed, 30 Oct 2002 14:53:23 -0800

> Unless you can find something wrong with this, I'll commit it.

Looks OK to me. Thanks!

> I looked at the suid handling. If the suid permission is set, the code
> does drop setuid privies as soon as possible with:
>
> setgid(getgid());
> setuid(getuid());

Aha, I missed that privies were dropped in the TDAPA constructor - I'd
only seen the bit in main() where it only drops them if a serial
programmer has been selected. It might be worth adding a comment to
main before the 'new TAvrDummy()' call mentioning that the TDAPA
constructor will drop privileges.

I guess it's not as insecure as I thought when suid, although I still
wouldn't trust it on a secure system.

Are you going to put out another release with this change, or should I
push the Debian packager to add this patch to Debian?

Seth
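
The privilege drop quoted in the message above, written out with return-value checks and a verification step. This is an added example, not part of the original message and not uisp's code; the function name `drop_privileges` is hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently give up set-uid / set-gid privileges, using the same two
 * calls quoted in the thread. Returns 0 on success, -1 if the drop did
 * not fully take effect. (Hypothetical helper, not from uisp.)
 */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: after the uid is dropped the process may no longer
     * be allowed to change its gid. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* An unchecked setuid() that fails leaves the process elevated,
     * so confirm the effective IDs now equal the real ones. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* If the process was elevated, the old IDs must not be restorable.
     * This catches the case where only the effective ID changed and the
     * saved ID still holds the privileged value (for example a binary
     * that is set-uid to a non-root account). */
    if (euid != ruid && seteuid(euid) == 0)
        return -1;
    if (egid != rgid && setegid(egid) == 0)
        return -1;

    return 0;
}

int main(void)
{
    if (drop_privileges() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)geteuid(), (int)getegid());
    return 0;
}
```
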