Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Dec 2018 13:10:24 -0600 (CST)
From: Bob Friesenhahn <>
Subject: Re: Multiple telnet.c overflows

On Wed, 12 Dec 2018, Tavis Ormandy wrote:

> It's not that environment handling is a non-issue, I've reported
> dozens over the years, it's just that it requires a privilege
> boundary. For example, setuid binaries are the classic example.

Is a network connection between two machines not a 'privilege 
boundary'?  If the remote machine has the ability to subvert the 
accessing machine (e.g. by transmitting something which causes harm to 
the client) then that seems to qualify.

Bob Friesenhahn,
GraphicsMagick Maintainer,
Public Key,

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.