30 Nov
2006
30 Nov
'06
11:08
https://bugzilla.novell.com/show_bug.cgi?id=222728 ------- Comment #25 from lnussel@novell.com 2006-11-30 04:08 MST ------- I doubt this is safe. glibc doesn't use those variables when the program runs suid root and the variable contains a slash. With sudo the suid check doesn't work so / will be allowed. So I could imagine those variables can be used for directory traversal attacks. Needs deeper investigation. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.