src/usr.sbin/timed/timedc/timedc.c MFC Requested for 4.10-R

I have requested src/usr.sbin/timed/timedc/timedc.c, v 1.5 to be MFC’ed to RELENG_4 and RELENG_4_10 so it will get its way into the upcoming release. It has not decided whether this will be merged into RELENG_4_10 yet, however, it is very likely that this will.

Jacques pointed out that timedc dropped its privilege before calling makeargv. Given that it was a buffer overflow and some privileged resources are still accessable after the privilege drop, it has a moderate security risk.

Not sure whether this issue will get a security advisory.

• ← Got a FreeBSD 1.1.5.1-RELEASE tarball
• 原来你爱我的方式不同 →