
Re: Release-critical Bugreport for November 26, 1999



At 13:16 +1100 1999-11-28, Herbert Xu wrote:
>>> Package: libc6 (main)
>>> Maintainer: Joel Klecker <debian-glibc@lists.debian.org>
>>>   21810  libc6: rexec call dumps core with user="string" and password=NULL
>
>> Need some more examination to find a solution that doesn't open a
>> security hole.
>
>AFAIK, there aren't any security implications here if the strategy is to
>copy the libc5 behaviour (my preference).

There is no strategy, this bug is not gonna be "fixed" unless upstream
agrees. Upstream says the bug is in the BSD man page for rexec(3), which
claims a behavior that the source for the function doesn't have.
-- 
Joel Klecker (aka Espy)                    Debian GNU/Linux Developer
<URL:mailto:jk@espy.org>                 <URL:mailto:espy@debian.org>
<URL:http://web.espy.org/>               <URL:http://www.debian.org/>

