Bugtraq mailing list archives
Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability
From: jlewis () inorganic5 fdt net (Jon Lewis)
Date: Sun, 30 Jun 1996 13:49:53 -0400
On Sun, 30 Jun 1996, James Seng wrote:
Actually, it should be suidperl, not perl.
No...perl will automatically invoke suidperl if you have the script suid or sgid.
$>=0; $<=0; # Set UID and GID = 0
Actually, this sets the real and effective uid's...it doesn't touch the gid. If you are root, who cares what your gid is?
I just do "chmod u-s /usr/bin/*perl*" since i dont use for suid script.
This is the easy solution for those who don't need suid/sgid emulation. ------------------------------------------------------------------ Jon Lewis | Mime attachments are OK jlewis () inorganic5 fdt net | But please ask before sending http://inorganic5.fdt.net | unsolicited huge files. ________Finger jlewis () inorganic5 fdt net for PGP public key_______
Current thread:
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability, (continued)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Casper Dik (Jun 30)
- Validating email sender Brendan McKenna (Jun 30)
- Re: Validating email sender Squidge (Jun 30)
- Re: Validating email sender Alan Brown (Jun 30)
- Re: Validating email sender Casper Dik (Jun 30)
- portmapper dangers der Mouse (Jun 30)
- Re: portmapper dangers Julian Assange (Jun 30)
- Re: portmapper dangers Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 30)