Subject: Re: new rlogin security hole
To: firstname.lastname@example.org, VaX#n8 <email@example.com>
From: Don Lewis <Don.Lewis@tsc.tdk.com>
Date: 08/20/1996 02:08:47
On Aug 19, 10:58am, "Perry E. Metzger" wrote:
} Subject: Re: new rlogin security hole
} VaX#n8 writes:
} > Anyone want to volunteer to help do security checks on all the
} > SUID programs? I'd at least like to document why each one has to be
} > SUID (in the manpage), so you can decide if you need it SUID or not.
} I'd say that an fgrep for strcpy, sprintf and a few others might get
} about 90% of the bugs...
Don't forget about all instances of these in library routines that
are called by SUID programs :-(