Theodore A. Roth
[Uisp-dev] Re: [Bug #1551] Buffer overflow causes crash in uisp on some s19 files
Wed, 30 Oct 2002 15:02:20 -0800 (PST)
On Wed, 30 Oct 2002, Seth LaForge wrote:
:) > Unless you can find something wrong with this, I'll commit it.
:) Looks OK to me. Thanks!
:) > I looked at the suid handling. If the suid permission is set, the code
:) > does drop setuid privies as soon as possible with:
:) > setgid(getgid());
:) > setuid(getuid());
:) Aha, I missed that privies were dropped in the TDAPA constructor - I'd
:) only seen the bit in main() where it only drops them if a serial
:) programmer has been selected. It might be worth adding a comment to
:) main before the 'new TAvrDummy()' call mentioning that the TDAPA
:) constructor will drop privileges.
Ok, I'll add that before I commit.
:) I guess it's not as insecure as I thought when suid, although I still
:) wouldn't trust it on a secure system.
You probably shouldn't be doing any development on a secure system anyways.
:) Are you going to put out another release with this change, or should I
:) push the Debian packager to add this patch to Debian?
Probably won't hurt to make a new release. I'll do that as soon as I can
find the time (or Sunday, whichever comes first).
Thanks for your help.
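
The privilege drop quoted in this message, as an added example that is not part of the original thread or the uisp source: it checks the return values of the same `setgid(getgid())` / `setuid(getuid())` calls and confirms the drop cannot be undone. The function name `drop_privileges` is hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from uisp): permanently drop set-uid/set-gid
 * privileges back to the real IDs. Returns 0 on success, -1 if a call
 * fails or the drop turns out to be reversible. Callers should exit on -1. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the effective uid is no longer root, the process
     * may no longer be permitted to change its gid. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* The effective IDs must now equal the real IDs. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* If the old effective IDs can be restored, the saved IDs were not
     * cleared and the drop is only temporary. Skipped when the real uid
     * is root, since root can always switch back. */
    if (ruid != 0) {
        if (old_euid != ruid && setuid(old_euid) == 0)
            return -1;
        if (old_egid != rgid && setgid(old_egid) == 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    if (drop_privileges() != 0) {
        fprintf(stderr, "could not drop privileges, refusing to continue\n");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)geteuid(), (long)getegid());
    return 0;
}
```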