6 Feb
2001
6 Feb
'01
15:29
hi, the format issue of man seems harmless. the bug lies inhere /* XXX */ if (!display (NULL, argv[optind], NULL, basename(argv[optind]))) { error (0, errno, argv[optind]); exit_status = NOT_FOUND; } where error() is format-capable. However root privs are dropped before. So, you could gain a user-shell if you want. Please dont run man setgid, as man doesnt drop effective group ID. l8, Sebastian
8482
Age (days ago)
8482
Last active (days ago)
0 comments
1 participants
participants (1)
-
Sebastian Krahmer