[Uisp-dev] Re: [Bug #1551] Buffer overflow causes crash in uisp on some

From: Seth LaForge
Subject: [Uisp-dev] Re: [Bug #1551] Buffer overflow causes crash in uisp on some s19 files
Date: Wed, 30 Oct 2002 14:53:23 -0800

> Unless you can find something wrong with this, I'll commit it.

Looks OK to me.  Thanks!

> I looked at the suid handling. If the suid permission is set, the code
> does drop setuid privies as soon as possible with:
>   setgid(getgid());
>   setuid(getuid());

Aha, I missed that privies were dropped in the TDAPA constructor - I'd
only seen the bit in main() where it only drops them if a serial
programmer has been selected.  It might be worth adding a comment to
main before the 'new TAvrDummy()' call mentioning that the TDAPA
constructor will drop privileges.

I guess it's not as insecure as I thought when suid, although I still
wouldn't trust it on a secure system.

Are you going to put out another release with this change, or should I
push the Debian packager to add this patch to Debian?
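
The privilege drop quoted in the message above, written out with its return values checked and the result verified. This is an added example, not part of the original post and not uisp's own code; the helper name `drop_privileges` is hypothetical, and it assumes a POSIX system.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently drop set-uid/set-gid privileges to the
 * real user and group. Returns 0 on success, -1 if a step failed or the
 * drop could be undone. On -1 the caller should exit immediately. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: if setuid() gave up root first, the process would no
     * longer have the right to change its group ids. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* Confirm the effective ids now match the real ids. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* Confirm the drop is permanent. If the binary was set-uid to a
     * non-root owner, setuid() leaves the saved id in place and the old
     * id can be restored; treat that as failure. Skipped when the real
     * user is root or nothing was elevated. */
    if (ruid != 0) {
        if (old_euid != ruid && setuid(old_euid) == 0)
            return -1;
        if (old_egid != rgid && setgid(old_egid) == 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    if (drop_privileges() != 0) {
        fprintf(stderr, "failed to drop privileges\n");
        return 1;
    }
    printf("uid=%ld euid=%ld gid=%ld egid=%ld\n", (long)getuid(),
           (long)geteuid(), (long)getgid(), (long)getegid());
    return 0;
}
```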

