Received: (from majordom@localhost)
    by hyperreal.com (8.8.5/8.8.5) id LAA22239;
    Mon, 2 Jun 1997 11:20:10 -0700 (PDT)
Received: from eat.organic.com (h10.n145.organic.com [204.152.145.10])
    by hyperreal.com (8.8.5/8.8.5) with ESMTP id LAA22173 for ;
    Mon, 2 Jun 1997 11:20:04 -0700 (PDT)
Received: from localhost (brian@localhost)
    by eat.organic.com (8.8.3/8.6.12) with SMTP id LAA00460 for ;
    Mon, 2 Jun 1997 11:23:08 -0700 (PDT)
Date: Mon, 2 Jun 1997 11:23:08 -0700 (PDT)
From: Brian Behlendorf
To: new-httpd@apache.org
Subject: Re: [TEST] changes to bugdb.cgi
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

On Sat, 31 May 1997, Marc Slemko wrote:

> marc@taz:~/gnats/gnats-3.99-beta/gnats$ query-pr -p foo
> adfasfasfasfdasfadfasfasfasfdasdfasfasfasfdasdfasfasfasfdasdfasfasfasfdasdfasfasfasfdasdfasfasfasfdasdfasfasfasfdas
> Segmentation fault (core dumped)
>
> Since pat is statically allocated, I am quite sure I could turn it into an
> exploit to get a shell. I'm more worried about such holes in the programs
> that are setuid gnats.

There is a version 3.102 at ftp://ftp.cygnus.com/pub/. I haven't checked
if it fixes the hole, but if we're going to bitch to them about it (which I
think we definitely should) then we should make sure they're using the most
current one.

> BTW, there is nothing preventing anyone with a shell on taz from editing
> PRs is there?

Not that I'm aware of. Marc or Ken, I'd be happy to give you the password
to the gnats user account on hyperreal, which would give you direct access
to configuration and pr db administration.

    Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS