Re: SuSe / Debian man package format string vulnerability

[Valdis Kletnieks]

On Sun, 04 Feb 2001 01:48:34 +0100, Robert van der Meulen <[EMAIL PROTECTED]>  said:
> Just for the record:
> on a lot of systems (including Debian), 'man' is not suid/sgid anything, and
> this doesn't impose a security problem.

Although it may not apply to *this* *particular* issue, let's all not
forget that just because something is not suid/sgid it's not a security
issue.  I'm sure that both 'man' and 'm4' get run a *lot* as root, and
have we forgotten the .sy nroff command and trojan manpages? ;)

It will be a security problem as soon as somebody finds a way to get
root to run 'man -l %n' or 'm4 -G %n'.... ;)

                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech