[krbdev.mit.edu #8671] minor bug in ksu
Tavis Ormandy via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Tue Apr 24 13:39:00 EDT 2018
No reason, just looking at the code for setuid root programs installed in
RHEL.
On Tue, Apr 24, 2018 at 12:50 PM, Greg Hudson via RT <
rt-comment at krbdev.mit.edu> wrote:
> If argc is 0, ksu should crash with a null dereference at line 144
> where it does strlen() on argv[0]. I believe that happens with every
> program in the MIT krb5 tree, but we have received reports of argc == 0
> issues specifically for ksu twice this month, which seems odd. Out of
> curiosity, can you explain how you arrived at this issue?
>
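The argc == 0 case discussed in this thread, as an added example that is not part of the original message or the krb5 source: a guard that avoids calling strlen() on a NULL argv[0]. The helper name `prog_name` and the fallback string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the krb5 tree): returns the basename of
 * argv[0], or `fallback` when the caller supplied no usable argv[0]. */
static const char *prog_name(int argc, char *const argv[], const char *fallback)
{
    const char *slash;

    /* A program can be executed with an empty argument vector, so argc
     * may be 0 and argv[0] may be NULL; strlen(argv[0]) would then
     * dereference NULL. Check before touching argv[0]. */
    if (argc < 1 || argv == NULL || argv[0] == NULL || argv[0][0] == '\0')
        return fallback;

    slash = strrchr(argv[0], '/');
    return (slash != NULL && slash[1] != '\0') ? slash + 1 : argv[0];
}

int main(int argc, char *argv[])
{
    const char *name = prog_name(argc, argv, "ksu");

    /* A setuid program has no legitimate reason to run without argv[0]:
     * fail closed instead of continuing with a guessed name. */
    if (argc < 1) {
        fprintf(stderr, "%s: empty argument vector, refusing to run\n", name);
        return 1;
    }
    printf("%s: %zu-byte program name\n", name, strlen(name));
    return 0;
}
```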