Martin Schulze <[EMAIL PROTECTED]> writes: > Please tell me what you gain from this. man does not run setuid root/man > but only setgid man. Debian man-db is setuid (not setgid) man[1] in the latest stable and unstable incarnations. Getting uid man is not immediate death, but bad enough. Bug 84128 has been reported (with the trivial patch) a week ago. Please fix it. Footnotes: [1] Unless you've set NOSETGID in /etc/manpath.config ... obvious, isn't it? -- Robbe
- SuSe / Debian man package format string vulnerabilit... Joao Gouveia
- Re: SuSe / Debian man package format string vul... Roman Drahtmueller
- Re: SuSe / Debian man package format string vul... Tomasz Kuźniar
- m4 format string vulnerability [was: Re: Su... Mike Gerber
- Re: m4 format string vulnerability [was... Ivo van Poorten
- Re: m4 format string vulnerability Jarno Huuskonen
- Re: SuSe / Debian man package format string vul... StyX
- Re: SuSe / Debian man package format string... Martin Schulze
- Re: SuSe / Debian man package format st... Jose Nazario
- Re: SuSe / Debian man package forma... Nate Eldredge
- Re: SuSe / Debian man package format st... Robert Bihlmeyer
- Re: SuSe / Debian man package format string... Robert van der Meulen
- Re: SuSe / Debian man package format st... Valdis Kletnieks
- Re: SuSe / Debian man package format st... Ethan Benson
- Re: SuSe / Debian man package format st... John
- Re: SuSe / Debian man package forma... Megyer Ur
- Re: SuSe / Debian man package ... Foldi Tamas
- Re: SuSe / Debian man package forma... Andreas Ferber
- Re: SuSe / Debian man package forma... Graham Hughes
- Re: SuSe / Debian man package forma... Matt Zimmerman
- Re: SuSe / Debian man package format st... Mate Wierdl