[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Uisp-dev] Re: [Bug #1551] Buffer overflow causes crash in uisp on some

From: Theodore A. Roth
Subject: [Uisp-dev] Re: [Bug #1551] Buffer overflow causes crash in uisp on some s19 files
Date: Wed, 30 Oct 2002 15:02:20 -0800 (PST)

On Wed, 30 Oct 2002, Seth LaForge wrote:

:) > Unless you can find something wrong with this, I'll commit it.
:) Looks OK to me.  Thanks!
:) > I looked at the suid handling. If the suid permission is set, the code
:) > does drop setuid privies as soon as possible with:
:) >
:) >   setgid(getgid());
:) >   setuid(getuid());
:) Aha, I missed that privies were dropped in the TDAPA constructor - I'd
:) only seen the bit in main() where it only drops them if a serial
:) programmer has been selected.  It might be worth adding a comment to
:) main before the 'new TAvrDummy()' call mentioning that the TDAPA
:) constructor will drop privileges.

Ok, I'll add that before I commit.

:) I guess it's not as insecure as I thought when suid, although I still
:) wouldn't trust it on a secure system.

You probably shouldn't be doing any development on a secure system anyways
though. ;-)

:) Are you going to put out another release with this change, or should I
:) push the Debian packager to add this patch to Debian?

Probably won't hurt to make a new release. I'll do that as soon as I can
find the time (or sunday, which ever comes first).

Thanks for you help.

Ted Roth

reply via email to

[Prev in Thread] Current Thread [Next in Thread]