Fix missed */

Russ Allbery rra at stanford.edu
Tue Feb 27 20:25:18 UTC 2001


Forrest J Cavalier <mibsoft at epix.net> writes:

> Wow!  That patch Alex Kiernan wrote to inn-patches deserves some
> comment, (the same way that you have to tell your friends about any near
> death miss on the highway.)

> The code that got disabled by leaving out the */ is running SUID
> root. It is only fortunate happenstance that it wasn't a big security
> hole.  (It is just two comments away from disabling a drop privileges!)

Yup!  It *would* have been caught by full warnings, though.  More
motivation to get the code base cleaned up enough that those of us who are
maintaining the code can routinely compile with all the warnings turned
on.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the inn-workers mailing list