Hello, I remove suid permissions in this upload: http://mentors.debian.net/debian/pool/main/a/acon/acon_1.0.5-7.dsc

On Sun, Apr 13, 2008 at 04:55:19PM +0200, Nico Golde wrote:
> reopen 475733
> thanks
>
> Hi,
> * Helmut Grohne <[EMAIL PROTECTED]> [2008-04-13 16:36]:
> > > * Dropped 05_setuid.diff as it can cause a root exploit. (Closes:
> > >   #475733)
> >
> > This is not enough, because it still has saved set userid and is
> > exploitable:
> [...]
> As stated before the code only changes the effective user id
> and thus any overflow that ships a seteuid(0) in the shell
> code can get the privileges back. Please drop the privileges
> properly or fix the buffer overflow.
---end quoted text---

--
أحمد المحمودي (Ahmed El-Mahmoudy)
Digital design engineer
SySDSoft, Inc.
GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net)
GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C 156E D325 C3C8 9DCA 0B27
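
The quoted reply distinguishes changing only the effective user id from dropping privileges properly. The C sketch below is an added example showing both for a setuid-root program; it is not part of the original message or of the acon package. The function names `drop_effective_only`, `can_regain_root` and `drop_permanently` are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Incomplete drop, as criticised in the thread: only the effective uid
 * changes. In a setuid-root program the saved set-user-ID stays 0. */
int drop_effective_only(uid_t uid)
{
    return seteuid(uid);
}

/* Probe: returns 1 if this process is root or can become root again.
 * Side effect: on success the effective uid really is 0 afterwards. */
int can_regain_root(void)
{
    return geteuid() == 0 || seteuid(0) == 0;
}

/* Permanent drop to uid/gid. Returns 0 on success, -1 on any failure;
 * the caller must exit on -1 rather than continue with privileges. */
int drop_permanently(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                 /* dropping "to root" is not a drop */
    /* Group first: once the uid is gone we may no longer change gids.
     * With euid 0, setgid()/setuid() set real, effective and saved IDs.
     * (A daemon started by root would also call setgroups() before this.) */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* If root can be regained, a saved ID survived: treat as failure. */
    if (can_regain_root())
        return -1;
    return 0;
}

int main(void)
{
    /* In a setuid-root binary getuid()/getgid() are the invoking user's IDs. */
    if (drop_permanently(getuid(), getgid()) != 0) {
        fprintf(stderr, "could not drop privileges, aborting\n");
        return 1;
    }
    printf("uid=%d euid=%d regain_root=%d\n",
           (int)getuid(), (int)geteuid(), can_regain_root());
    return 0;
}
```
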