From: Jeffrey
Subject: Re: setuid/setgid return values not checked in rlogin, rsh, rshd and uucpd
Date: Mon, 24 Jul 2023 16:17:48 +0200

Jeffrey <jeffbencteux@gmail.com> writes:
> I found more occurrences of unchecked values for set*id() functions in other
> inetutils programs: ftpd, rcp.
>
> It has different security impact if it can be triggered:
>
> * rcp: local privilege escalation to the user running the binary
> * ftpd: undefined behaviour without privilege escalation as all calls are
> to seteuid(0) (gaining root privileges, not dropping it)
>
> I am attaching a consolidated patch to fix these and the previous ones.

Thanks again -- copyright papers have now arrived, and I looked at the
patch, and it seems good. However, the patch does not apply cleanly due
to whitespace and line-wrapping problems. Can you re-send the patch as
an attachment instead of inline in your email? Please also add NEWS
entries (look at earlier entries as templates).

/Simon
0001-ftpd-rcp-rlogin-rsh-rshd-uucpd-fix-check-set-id-retu.patch
Description: Binary data
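
An added example, not part of this thread and not taken from the attached patch or from inetutils: a checked privilege drop of the kind the subject line asks for, where every set*id() return value is tested and the resulting ids are verified. The helper name drop_privileges is hypothetical, and supplementary groups are left out to keep the focus on setgid()/setuid().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not inetutils code: switch permanently to uid/gid.
   Returns 0 only if every call succeeded and the result was verified. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Group first: after the uid changes we may lack permission for setgid(). */
    if (setgid(gid) != 0) {
        fprintf(stderr, "setgid(%ld): %s\n", (long) gid, strerror(errno));
        return -1;
    }
    /* The unchecked form, a bare "setuid(uid);", would carry on with the
       old ids if this call failed. */
    if (setuid(uid) != 0) {
        fprintf(stderr, "setuid(%ld): %s\n", (long) uid, strerror(errno));
        return -1;
    }
    /* Do not trust the return value alone: confirm the ids we now hold. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* A non-root target must not be able to get uid 0 back. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Typical use in a set-uid program: fall back to the invoking user
       and stop if that cannot be done. */
    if (drop_privileges(getuid(), getgid()) != 0)
        return 1;
    printf("running as uid=%ld gid=%ld\n", (long) getuid(), (long) getgid());
    return 0;
}
```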