[KLUG Members] This is a bad one

Kevin Mitchell members@kalamazoolinux.org
Fri, 19 Oct 2001 16:30:15 -0400 (EDT)


> I realize there may be more exotic ways to exploit this bug...  but a
> world-executable set-uid-0 binary? Well, Duh!!!!!!!!!!!!!  That is
> about as stupid an idea as I have ever seen.  I mean at least restrict
> execution to a group of "trusted users".

Yeah, some of those binaries can definitely go.  But there still will be
things like ping, traceroute, passwd, su that will remain suid 0 for a
long time.

Kevin