[krbdev.mit.edu #8661] ksu segfaults when argc == 0
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Sun Apr 1 13:21:04 EDT 2018
I think just about all of the programs in the krb5 source tree will seg
fault when argc is 0, and I'm generally not concerned about that. It
might make sense for ksu to be careful because it's setuid, although I
don't think getting a setuid program to perform a null dereference
constitutes a vulnerability (I don't think operating systems allow
setuid programs to dump core, for instance).
More information about the krb5-bugs
mailing list