d9e2a34829
libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASL_PATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application utilizes libsasl, it may be possible for a local attacker to gain superuser privileges. ok jakob@