Bugtraq mailing list archives
Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
From: chris () FERRET LMH OX AC UK (Chris Evans)
Date: Mon, 1 Jun 1998 17:58:24 +0100
Hi!!

Someone wrote:

> the binary RPMs have always been shipped with suid linuxconf. Does this announcement mean that linuxconf has been found insecure, so that it MUST not be used suid? I haven't seen anything about linuxconf on BUGTRAQ, apart from your posting.

I alerted RedHat to the insecurity in a suid root linuxconf. I didn't cc: to bugtraq (only the xosview got cc:'ed here which still isn't fixed). Now RedHat have a fixed rpm out, I suppose I had better spill the beans.

Set environment variable "LANG" to a long string (about 1k should do it). Run linuxconf. Watch crash. Smile.

Note that discovery of this problem was trivial. Most importantly, please note that there are probably plenty of other security holes in linuxconf apart from this one.

Cheers
Chris
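The message does not show linuxconf's source, so the code path behind the crash is not stated on this page. As an added example (not from the post and not linuxconf's code), this is one way a setuid program can bound and validate LANG before using it; `LOCALE_MAX`, `sanitize_locale` and `load_locale_from_env` are hypothetical names, and the accepted character set is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOCALE_MAX 32   /* assumed bound; real locale names are short */

/* Copy a locale name into out only if it fits and uses expected characters.
 * Returns 0 if accepted, -1 if rejected (out then holds the default "C"). */
int sanitize_locale(const char *val, char *out, size_t outlen)
{
    size_t n;

    if (out == NULL || outlen < 2)
        return -1;
    out[0] = 'C';                       /* safe default before any checks */
    out[1] = '\0';
    if (val == NULL)
        return -1;
    /* Walk at most outlen bytes: attacker-controlled length never drives a copy. */
    for (n = 0; n < outlen && val[n] != '\0'; n++) {
        unsigned char c = (unsigned char)val[n];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.' && c != '@')
            return -1;                  /* e.g. '/' or control characters */
    }
    if (n == 0 || n >= outlen)
        return -1;                      /* empty, or too long for the buffer */
    memcpy(out, val, n + 1);            /* n + 1 <= outlen, includes the NUL */
    return 0;
}

/* Hypothetical startup helper: the environment is untrusted input when the
 * binary runs with more privilege than the user who invoked it. */
int load_locale_from_env(char *out, size_t outlen)
{
    return sanitize_locale(getenv("LANG"), out, outlen);
}

int main(void)
{
    char loc[LOCALE_MAX];
    int rc = load_locale_from_env(loc, sizeof loc);

    printf("LANG %s, using \"%s\"\n", rc == 0 ? "accepted" : "rejected", loc);
    return 0;
}
```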