Bugtraq mailing list archives
Re: Possible bufferoverflow condition in lpr, xterm and xload
From: sopwith () redhat com (Elliot Lee)
Date: Tue, 13 Aug 1996 13:56:43 -0400
On Tue, 13 Aug 1996, Mike Acar wrote:
> It might be worth noting that when I ran tiger on my bastardized and upgraded Red Hat 2.0 system, it produced a 7 MB output. Mostly this was complaining about lots of things being group bin, root, etc writable. Or perhaps this is no surprise to anybody. To Red Hat's credit, none of the s[ug]id binaries they provide is writable by anybody but the owner.
1. 2.0 is ancient - if you are still running it w/o upgrades (which I doubt, from the "bastardized" part :) there are worse security holes to worry about.

2. The default setup for Red Hat is to have each person in their own group, and have a umask of 002. When you change things, g+w permissions got added, and tiger squawked. The pros and cons of the individual group scheme as opposed to the UNIX norm are arguable, but you shouldn't have to worry about any additional security problems with it (?)

--==== Elliot Lee = <sopwith () redhat com> == Red Hat Software ====--
"Usenet is like a herd of performing elephants with diarrhea; massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind-boggling amounts of excrement when you least expect it."
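An added example, not part of the original post: a small triage script that separates the group-writable files a per-user group and umask 002 produce from the cases an auditor cares about (shared-group or world-writable files, and writable s[ug]id binaries). The function names and the "group name equals owner name with no other listed members" heuristic are assumptions made for this illustration.

```python
import grp
import os
import pwd
import stat
import sys


def classify(mode, owner, group, members):
    """Triage a regular file's mode bits; `members` is the group's member list."""
    group_w = bool(mode & stat.S_IWGRP)
    other_w = bool(mode & stat.S_IWOTH)
    if mode & (stat.S_ISUID | stat.S_ISGID) and (group_w or other_w):
        return "setid-writable"  # s[ug]id file writable by someone besides the owner
    if other_w:
        return "world-writable"
    if group_w:
        # Assumed heuristic: a private group is named after its owner and lists
        # nobody else. Other accounts using it as primary gid are not checked.
        private = group == owner and set(members) <= {owner}
        return "private-group-writable" if private else "shared-group-writable"
    return "ok"


def scan(root):
    """Walk `root` and return (verdict, path) for every regular file not 'ok'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            try:
                owner = pwd.getpwuid(st.st_uid).pw_name
                entry = grp.getgrgid(st.st_gid)
                group, members = entry.gr_name, entry.gr_mem
            except KeyError:  # unknown uid/gid: never treat as a private group
                owner, group, members = str(st.st_uid), "#%d" % st.st_gid, []
            verdict = classify(st.st_mode, owner, group, members)
            if verdict != "ok":
                findings.append((verdict, path))
    return findings


if __name__ == "__main__":
    for verdict, path in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(verdict, path)
```

Findings tagged `private-group-writable` are the expected side effect of the per-user group scheme; the other three verdicts are the ones to review.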