Bugtraq mailing list archives
Re: SunOS syslog() fix, finally...
From: blymn () awadi com au (Brett Lymn)
Date: Tue, 14 Nov 1995 11:05:09 +1030
According to Jake Luck:
> yeah, but what about /usr/sbin/ufsrestore ? it is statically linked, utilizes syslog, and suid root.

If you are a BOFH then just kill the setuid bit on ufsrestore. It means that root has to do the restores but it does close an awful lot of holes (like someone dragging in a QIC and restoring their favourite version of /etc/passwd.... need I say more?). Or you could just remove the global rx though this may bugger up remote root users.

-- 
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
===============================================================================
"It's fifteen hundred miles to Ankh-Morpork" he said. "We've got three hundred and sixty three elephants, fifty carts of forage, the monsoon's about to break and we're wearing ... we're wearing ... sort of things, like glass, only dark... dark glass things on our eyes..."
  - Terry Pratchett "Moving Pictures".
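
An audit for the combination raised in the quoted question (setuid, root-owned, statically linked), together with the remediation the reply suggests, as an added example that is not part of the original post. The function names are hypothetical, and the linkage check assumes file(1) supports `-b` and describes binaries with the phrases "statically linked" / "dynamically linked", as current implementations do.

```shell
#!/bin/sh
# Added example (not from the original post): find setuid files and report
# whether each is statically or dynamically linked.

# List regular files with the setuid bit under DIR. If OWNER is given,
# only files owned by that user (e.g. root) are listed.
list_setuid() {
    dir=$1
    owner=${2:-}
    if [ -n "$owner" ]; then
        find "$dir" -xdev -type f -perm -4000 -user "$owner" -print 2>/dev/null
    else
        find "$dir" -xdev -type f -perm -4000 -print 2>/dev/null
    fi
}

# Classify a file(1) description string as static, dynamic or unknown.
# Assumption: the description uses the phrases matched below.
linkage_of() {
    case $1 in
        *"statically linked"*|*static-pie*) echo static ;;
        *"dynamically linked"*)             echo dynamic ;;
        *)                                  echo unknown ;;
    esac
}

# Print "linkage<TAB>path" for every setuid file under DIR (optionally
# restricted to OWNER). Entries marked "static" carry their own copy of
# the C library code they were linked with.
audit_setuid() {
    list_setuid "$1" "${2:-}" | while IFS= read -r path; do
        desc=$(file -b "$path" 2>/dev/null)
        printf '%s\t%s\n' "$(linkage_of "$desc")" "$path"
    done
}

# The remediation described in the reply: clear the setuid bit on one file.
drop_setuid() {
    chmod u-s "$1"
}

# Example invocation (directory taken from the quoted question):
#   audit_setuid /usr/sbin root
```

After `drop_setuid` is applied to a binary, only root can use the functions that needed the elevated privilege, which is the trade-off the reply describes.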