Hello,

On 1/18/19 1:26 AM, Bernhard Übelacker wrote:
>
> I tried to have a look and found following unconditional sprintf.
> Attached patch is an attempt to respect the size of
> variable KXL_DName.
>
> The suid bit seems really to access /var/games/geki2.scores.
>
> What the security implications of this bug are I cannot say.

Well, I think it would cost more time to discover it than just applying
the patch and fixing it.

So, let this bug die and go to the next one. :)

Regards
-- 
Emmanuel Fleury

Rule of Diversity: Distrust all claims for "one true way".
  -- Eric S. Raymond (The Art of Unix Programming)