Bugtraq mailing list archives

Re: (debian) Re: suidperl; more


From: Dylan Griffiths <Dylan_G () BIGFOOT COM>
Date: Wed, 9 Aug 2000 18:47:54 -0600

"Dunker, Noah" wrote:
> I've long since gotten rid of my FreeBSD 3.x and 2.x boxen, so I don't have
> a good way to test old FreeBSD releases.  I'll try OpenBSD 2.7 and NetBSD
> 1.4.2 when I get home.  I'm guessing the recent releases of all *BSD are
> probably not vulnerable due to the location of mail (and the fact that
> /bin/bash doesn't exist, but any script kiddie can change the script to
> /bin/sh).


OpenBSD 2.7 release is not vulnerable because they don't have suidperl by
default (that whole secure by default policy of not having stuff unless you
need it, since non-setuid perl is fine for most).

--
    www.kuro5hin.org -- technology and culture, from the trenches.

