severity 468418 grave
thanks

On line 460 of ict-main.cpp the library call getpwuid_r() should be used.

When compiled in optimising mode the call to getpwnam() on line 468 is 
overwriting the string buffers.

I am not convinced that it is impossible to use this bug to run arbitrary code 
as group incron.  Taking over group incron will gain almost immediate root 
access (I will make another bug report).

As an interim measure I suggest uploading a version of incron which has no 
support for the -u option to incrontab.

-- 
Russell Coker <[EMAIL PROTECTED]>
http://etbe.coker.com.au/          My Blog
http://etbe.coker.com.au/category/security/  My Security blog posts
http://www.coker.com.au/selinux/play.html  My Play Machine, root PW "SELINUX"
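
Added example, not part of the original report and not incron's own code: a reentrant uid-to-name lookup using getpwuid_r(), the call the report recommends. POSIX allows the storage returned by getpwuid() to be overwritten by a later getpwnam() or getpwuid() call, so the helper (lookup_user_name() is a hypothetical name) copies the login name into caller-owned memory before anything else runs.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from incron): copy the login name for uid into
 * out. Returns 0 on success, ENOENT if no entry exists, ERANGE if out is
 * too small, or another errno value if the lookup itself fails. */
int lookup_user_name(uid_t uid, char *out, size_t outlen)
{
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t buflen = hint > 0 ? (size_t)hint : 1024;
    struct passwd pwd, *res = NULL;
    char *buf = NULL;
    int rc;

    for (;;) {
        char *tmp = realloc(buf, buflen);
        if (tmp == NULL) { free(buf); return ENOMEM; }
        buf = tmp;
        rc = getpwuid_r(uid, &pwd, buf, buflen, &res);
        if (rc != ERANGE) break;          /* done, or a real error */
        if (buflen > (1u << 20)) break;   /* refuse unbounded growth */
        buflen *= 2;                      /* entry did not fit: retry */
    }
    if (rc == 0 && res == NULL) rc = ENOENT;  /* no such uid */
    if (rc == 0) {
        size_t n = strlen(pwd.pw_name);
        if (n >= outlen) rc = ERANGE;         /* never truncate a user name */
        else memcpy(out, pwd.pw_name, n + 1);
    }
    free(buf);
    return rc;
}

int main(void)
{
    char name[256];
    int rc = lookup_user_name(getuid(), name, sizeof name);
    if (rc != 0) { fprintf(stderr, "lookup failed: %s\n", strerror(rc)); return 1; }
    (void)getpwnam("root");  /* a later lookup cannot touch our private copy */
    printf("invoking user: %s\n", name);
    return 0;
}
```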


