Bugtraq mailing list archives

Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability

From: jlewis () inorganic5 fdt net (Jon Lewis)
Date: Sun, 30 Jun 1996 13:49:53 -0400


On Sun, 30 Jun 1996, James Seng wrote:

Actually, it should be suidperl, not perl.

No...perl will automatically invoke suidperl if you have the script suid
or sgid.

$>=0; $<=0; # Set UID and GID = 0


Actually, this sets the real and effective uid's...it doesn't touch the gid.
If you are root, who cares what your gid is?

I just do "chmod u-s /usr/bin/*perl*" since i dont use for suid script.


This is the easy solution for those who don't need suid/sgid emulation.

------------------------------------------------------------------
 Jon Lewis                      |  Mime attachments are OK
 jlewis () inorganic5 fdt net      |  But please ask before sending
 http://inorganic5.fdt.net      |  unsolicited huge files.
________Finger jlewis () inorganic5 fdt net for PGP public key_______

Current thread:

Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability, (continued)
- - - Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Casper Dik (Jun 30)
  - Validating email sender Brendan McKenna (Jun 30)
    - Re: Validating email sender Squidge (Jun 30)
    - Re: Validating email sender Alan Brown (Jun 30)
    - Re: Validating email sender Casper Dik (Jun 30)
    - portmapper dangers der Mouse (Jun 30)
    - Re: portmapper dangers Julian Assange (Jun 30)
    - Re: portmapper dangers Casper Dik (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Rob J. Nauta (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability James Seng (Jun 30)
  - Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Jon Lewis (Jun 30)
- Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability Michael Constant (Jun 30)