Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
man issue
  • From: Sebastian Krahmer <krahmer@xxxxxxx>
  • Date: Tue, 6 Feb 2001 16:29:58 +0100 (CET)
  • Message-id: <Pine.LNX.4.21.0102061627270.393-100000@xxxxxxxxxxxxxx>
hi,

the format issue of man seems harmless.
the bug lies inhere

/* XXX */
if (!display (NULL, argv[optind], NULL,
basename(argv[optind]))) {
error (0, errno, argv[optind]);
exit_status = NOT_FOUND;
}

where error() is format-capable. However root privs are dropped before.
So, you could gain a user-shell if you want.
Please dont run man setgid, as man doesnt drop effective group ID.

l8,
Sebastian



< Previous Next >
This Thread
  • No further messages