lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3EAFD552.EF4CAE8A@austin.ibm.com>
Date: Wed, 30 Apr 2003 08:53:22 -0500
From: Denise Genty <genty@...tin.ibm.com>
To: Damien Miller <djm@...drot.org>
Cc: BUGTRAQ@...URITYFOCUS.COM, openssh-unix-dev@...drot.org,
	openssh-unix-announce@...drot.org
Subject: Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)


Damien Miller wrote:

> 5. Solution:
>
>         For the problem to be solved, the AIX linker must be changed to
>         only search system paths by default and never search the current
>         directory or user-specified paths for set[ug]id programs.
>
>         We consider this a serious flaw in IBM's linker, and urge
>         them to fix it immediately.  IBM, are you listening?
>

Hey man, we're listening -- I just need to figure out who to contact
about the problem.

--
Denise M. Genty
genty@...tin.ibm.com    (512)838-8170 - T/L 678-8170
AIX Network Security Development
Server Division, pSeries

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ