Re: Solaris ff.core and wsinfo commands.

John C. Orthoefer (jco@bbn.com)
Tue, 06 Dec 1994 18:34:58 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stephen Gildea: "letter bombs: enable-local-eval saves Emacs 19"
Previous message: Noah Friedman: "Re: Virus's -- This is an Emacs bomb (fwd)"
In reply to: Bonfield James: "Solaris ff.core and wsinfo commands."

> I haven't seen any _obvious_ ways that these could be dangerous for security,
> but I'm naturally suspicious of any setuid/setgid program that crashes. Has
> anyone got any further info on these programs?

I sent this to James already, but forgot to cc the list.

Patch 101889-01 says-

Keywords: ff.core security hole
Synopsis: OpenWindows 3.3: filemgr forked execuatble ff.core has a
security hole.
Date: Aug/30/94

Solaris Release: 2.3

SunOS Release: 5.3

Unbundled Product: OpenWindows

Unbundled Release: 3.3

BugId's fixed with this patch: 1171394

Files included with this patch: 

    /usr/openwin/bin/ff.core

Problem Description: 

    1171394 filemgr forked execuatble ff.core has a security hole.

johno
-
John Orthoefer   | Take this out and a Unix Demon will dog your steps from 
<jco@bbn.com>    | now until the time_t's wrap around.
617-873-6188     |  -- Curse from the tunefs(8) man page source

Next message: Stephen Gildea: "letter bombs: enable-local-eval saves Emacs 19"
Previous message: Noah Friedman: "Re: Virus's -- This is an Emacs bomb (fwd)"
In reply to: Bonfield James: "Solaris ff.core and wsinfo commands."