Bugtraq mailing list archives
Re: (debian) Re: suidperl; more
From: Dylan Griffiths <Dylan_G () BIGFOOT COM>
Date: Wed, 9 Aug 2000 18:47:54 -0600
"Dunker, Noah" wrote:
I've long since gotten rid of my FreeBSD 3.x and 2.x boxen, so I don't have a good way to test old FreeBSD releases. I'll try OpenBSD 2.7 and NetBSD 1.4.2 when I get home. I'm guessing the recent releases of all *BSD are probably not vulnerable due to the location of mail (and the fact that /bin/bash doesn't exist, but any script kiddie can change the script to /bin/sh).
OpenBSD 2.7 release is not vulnerable because they don't have suidperl by default (that whole secure by default policy of not having stuff unless you need it, since non-setuid perl is fine for most). -- www.kuro5hin.org -- technology and culture, from the trenches.
Current thread:
- Re: (debian) Re: suidperl; more Dunker, Noah (Aug 09)
- Re: (debian) Re: suidperl; more Sergiy Zhuk (Aug 10)
- Re: (debian) Re: suidperl; more Dylan Griffiths (Aug 10)