Subject: Re: [secure@FREEBSD.LUBLIN.PL: FreeBSD (and other BSDs?) local root explot]
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: Charles M. Hannum <root@ihack.net>
List: tech-security
Date: 08/27/1999 12:55:18
Date: Fri, 27 Aug 1999 12:55:18 -0400 (EDT)
Message-Id: <199908271655.MAA27598@bikini.ihack.net>
Cc: "Todd C. Miller" <Todd.Miller@courtesan.com>, tech-security@netbsd.org


> It doesn't core dump with OpenBSD's fts.c. There are no problems on your side,
> I think. Well, I've about half an hour left, I'll try a bit more to fix it :)

Actually, the test case demonstrates a secondary bug -- fts_pathlen
overflows, and the paths are truncated.
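
An added example, not part of the original message and not taken from any BSD source: it shows how a path length kept in a narrow field wraps once a directory tree is deep enough, next to a checked variant that rejects such paths. The `struct entry` type, the function names, the 16-bit field width and the sample depth are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for a traversal entry; only the length field matters.
 * Assumption: the path length is kept in a 16-bit unsigned field. */
struct entry {
    unsigned short pathlen;   /* recorded length of the full path */
};

/* Unchecked: the size_t sum is silently narrowed when stored. */
void record_len_unchecked(struct entry *e, size_t parent_len, size_t name_len)
{
    e->pathlen = (unsigned short)(parent_len + 1 + name_len); /* '/' + name */
}

/* Checked: refuse any path whose length does not fit the field. */
int record_len_checked(struct entry *e, size_t parent_len, size_t name_len)
{
    size_t total = parent_len + 1 + name_len;
    if (total < parent_len || total > USHRT_MAX) {
        errno = ENAMETOOLONG;
        return -1;
    }
    e->pathlen = (unsigned short)total;
    return 0;
}

/* Descend `depth` directory levels whose names are `name_len` bytes long.
 * Returns the real path length; *recorded gets what the field ended up holding. */
size_t descend(size_t depth, size_t name_len, unsigned short *recorded)
{
    struct entry e = { 0 };
    size_t real = 0;
    for (size_t i = 0; i < depth; i++) {
        record_len_unchecked(&e, real, name_len);
        real += 1 + name_len;
    }
    *recorded = e.pathlen;
    return real;
}

int main(void)
{
    unsigned short rec;
    size_t real = descend(300, 255, &rec);  /* constructed input: 300 levels, 255-byte names */
    struct entry e;
    printf("real=%zu recorded=%u checked=%d\n", real, rec, record_len_checked(&e, real - 256, 255));
    return 0;
}
```

Any code that later trusts the recorded length to copy or terminate the path works on a prefix of the real one, which is the truncation described above.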