Michael C. Toren on Sun, 29 Jun 2003 18:16:05 -0400

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[tcptra-dev] tcptraceroute-1.5beta4

tcptraceroute-1.5beta4 is now available at:


The changelog states:

    A call to seteuid() has been replaced with a call to setuid() to fully
    drop root privileges.  As there are currently no known exploitable
    portions of tcptraceroute, older versions are still believed to be
    safe even without fully dropping privileges, however users are still
    encouraged to upgrade to provide a measure of containment in the event
    that an exploitable flaw is discovered in the future.  Reported by
    David Coe <davidc@debian.org> and Matt Zimmerman <mdz@debian.org>,
    and published in Debian Security Advisory DSA 330-1.

    AC_FUNC_REALLOC was commented out of configure.ac, which was failing on
    IRIX badly systems.  The xrealloc() function in tcptraceroute already
    works around the realloc(0,0) case that AC_FUNC_REALLOC is attempting
    to prevent against, anyway.  Reported by Petter Reinholdtsen

As always, feedback is very much appreciated.  If I don't hear of any
further problems in the next 24 to 36 hours or so, I plan on releasing
tcptraceroute-1.5beta4 as tcptraceroute-1.5.

tcptraceroute-dev mailing list