Bugtraq mailing list archives
Re: [Debian 2.0] /usr/bin/suidexec gives root access
From: joey () KITENET NET (Joey Hess)
Date: Tue, 28 Apr 1998 14:32:54 -0700
Russell Coker - mailing lists account wrote:
Executive summary: /usr/bin/suidexec gives every user a root shell. Remove it.Also change the suidexec line in /etc/suid.conf to the following so it never gets the SUID bit again: suidmanager /usr/bin/suidexec root root 755 ^^^^ The default is 4755.
A simpler fix is to just upgrade to suidmanager 0.19 (from ftp://ftp1.us.debian.org/debian/Incoming/suidmanager_0.19_all.deb), which removes the suidexec program entirely. -- see shy jo
Current thread:
- Re: Leveraging search engines against FrontPage enabled websites MrJeKKyL (Apr 26)
- Re: Leveraging search engines against FrontPage enabled websites David LeBlanc (Apr 28)
- Re: Leveraging search engines against FrontPage enabled websites Michael Nelson (Apr 28)
- [Debian 2.0] /usr/bin/suidexec gives root access Thomas Roessler (Apr 28)
- Re: [Debian 2.0] /usr/bin/suidexec gives root access Russell Coker - mailing lists account (Apr 28)
- Re: [Debian 2.0] /usr/bin/suidexec gives root access Joey Hess (Apr 28)
- Re: [Debian 2.0] /usr/bin/suidexec gives root access Russell Coker - mailing lists account (Apr 28)
- Re: Leveraging search engines against FrontPage enabled websites David LeBlanc (Apr 28)