Re: [Full-Disclosure] Re: HTML Help API - Privilege Escalation
Valdis.Kletnieks_at_vt.edu
Date: 10/24/03
- Previous message: Curt Purdy: "RE: [inbox] Re: [Full-Disclosure] RE: Linux (in)security"
- In reply to: Sebastian Niehaus: "[Full-Disclosure] Re: HTML Help API - Privilege Escalation"
- Next in thread: KF: "Re: [Full-Disclosure] HTML Help API - Privilege Escalation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: killedbythoughts@mindcrime.net Date: Fri, 24 Oct 2003 16:41:45 -0400
On Fri, 24 Oct 2003 20:08:24 +0200, Sebastian Niehaus <killedbythoughts@mindcrime.net> said:
> Well, if you have a programm to be run in suid mode, every Unix admin
> should be alerted. They are used to review the source code of this
> kind of stuff.
When was the last time you audited the source for 'ping' or 'traceroute'?
Is there *anybody* qualified to do an audit of /usr/X11R6/bin/XFree86?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
- Previous message: Curt Purdy: "RE: [inbox] Re: [Full-Disclosure] RE: Linux (in)security"
- In reply to: Sebastian Niehaus: "[Full-Disclosure] Re: HTML Help API - Privilege Escalation"
- Next in thread: KF: "Re: [Full-Disclosure] HTML Help API - Privilege Escalation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
