From owner-freebsd-security  Tue Oct 10 20:10:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49])
	by hub.freebsd.org (Postfix) with ESMTP id 91BF437B502
	for <freebsd-security@FreeBSD.ORG>; Tue, 10 Oct 2000 20:10:51 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6])
	by rover.village.org (8.11.0/8.11.0) with ESMTP id e9B3Ani16971;
	Tue, 10 Oct 2000 21:10:49 -0600 (MDT)
	(envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id VAA32653; Tue, 10 Oct 2000 21:10:48 -0600 (MDT)
Message-Id: <200010110310.VAA32653@harmony.village.org>
To: Mike Silbersack <silby@silby.com>
Subject: Re: ncurses buffer overflows (fwd) 
Cc: Trevor Johnson <trevor@jpj.net>, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Tue, 10 Oct 2000 21:09:33 CDT."
		<Pine.BSF.4.21.0010102108020.4661-100000@achilles.silby.com> 
References: <Pine.BSF.4.21.0010102108020.4661-100000@achilles.silby.com>  
Date: Tue, 10 Oct 2000 21:10:48 -0600
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <Pine.BSF.4.21.0010102108020.4661-100000@achilles.silby.com> Mike Silbersack writes:
: Is the patch just to not read .terminfo from the current directory when
: executing setuid+setgid apps?  (Just checking if it's the same as the
: patch that openbsd has applied.)

There are several things that were fixed in this round of patches.  I
think that this is one of them, but I have it on my list of things to
check once Peter imports the new ncurses.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message