Florian Weimer wrote:
> I agree that this is a horrible coding style, but it's unlikely that
> it's exploitable. As far as I can tell, the situation is as follows:
Thank you very much for looking at this bug. I agree with your reasoning.

However, there is a possibility for the local admin to give fb_lock_mgr SUID root privileges (in the classic server package) to ease IPC when multiple users have to use firebird without being members of the firebird group. This is a bad idea anyway, but the possibility exists.

So I decided to check whether fb_lock_mgr actually uses this source. It seems to be linked with jrd statically (from what I see in the makefile spaghetti). I can't find the dangerous code, though.

In 1.5.1, src/jrd/gds.cpp(966) has an #ifdef VMS conditional that is not satisfied (Debian/VMS anyone!?). In 1.5.2 the code looks the same as in 1.5.1 (with a little offset).

So, what is the code that is considered unsafe? The most suspicious part near line 866 is

status = sys$getmsg(code, &l, &desc, 15, flags);

which is inside the #ifdef VMS that is inactive, so there's no problem at all. Or is it somewhere else?

Thanks again,
dam

--
Damyan Ivanov
Creditreform Bulgaria
[EMAIL PROTECTED]
http://www.creditreform.bg/
phone: +359(2)928-2611, 929-3993
fax: +359(2)920-0994
mob. +359(88)856-6067
[EMAIL PROTECTED]/Gaim