[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3EAFD552.EF4CAE8A@austin.ibm.com>
Date: Wed, 30 Apr 2003 08:53:22 -0500
From: Denise Genty <genty@...tin.ibm.com>
To: Damien Miller <djm@...drot.org>
Cc: BUGTRAQ@...URITYFOCUS.COM, openssh-unix-dev@...drot.org,
openssh-unix-announce@...drot.org
Subject: Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)
Damien Miller wrote:
> 5. Solution:
>
> For the problem to be solved, the AIX linker must be changed to
> only search system paths by default and never search the current
> directory or user-specified paths for set[ug]id programs.
>
> We consider this a serious flaw in IBM's linker, and urge
> them to fix it immediately. IBM, are you listening?
>
Hey man, we're listening -- I just need to figure out who to contact
about the problem.
--
Denise M. Genty
genty@...tin.ibm.com (512)838-8170 - T/L 678-8170
AIX Network Security Development
Server Division, pSeries
Powered by blists - more mailing lists