-- Lamont Granquist lamontg_at_raven.genome.washington.edu Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344 Box 352145 / University of Washington / Seattle, WA 98195 PGP pubkey: finger lamontg_at_raven.genome.washington.edu | pgp -fka ---------- Forwarded message ---------- Date: Thu, 4 Feb 1999 10:08:46 +0000 (GMT) From: Bob Vickers <bobv_at_dcs.rhbnc.ac.uk> Reply-To: R.Vickers_at_dcs.rhbnc.ac.uk To: Lamont Granquist <lamontg_at_raven.genome.washington.edu> Subject: Re: This Buffer Overflow thing... Lamont, The patch SSRT0583U does NOT solve the problem. It makes the classic mistake that everyone makes the first time they write a patch for a security hole in a setuid program: it carefully preserves the old dangerous program along with its setuid permission in a file with a different name (in this case something.orig). In keeping with the conventions of alpha-osf-managers I'm leaving it to you to warn everybody else. Bob ============================================================== Bob Vickers R.Vickers_at_dcs.rhbnc.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhbnc.ac.uk/home/bobv Phone: +44 1784 443691Received on Thu Feb 04 1999 - 19:11:07 NZDT
This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:38 NZDT