[linux-security] Security hole in installation of suidperl from RedHat 4.0

Honza Burdil honza na bobr.fjfi.cvut.cz
Sobota Říjen 19 23:02:31 CEST 1996

On Fri, 18 Oct 1996, Leos Bitto wrote:

> I've found security hole in installation of suidperl from RedHat 4.0. After 
> installation it has suid bit AND sgid bit set. It needs only suid bit. 
> When you leave sgid bit on, it will allow anybody to gain access to group 
> 0 (root). So do immediatelly "chmod g-s /usr/bin/suidperl" as root, if 
> you have RedHat 4.0 installed.
>                                                          Leos Bitto
>                                                   <bitto na kolej.mff.cuni.cz>

dik za upozorneni.

BTW v ftp://ftp.redhat.com/updates/i386 uz je na to patch

Zatim zdravi Honza
      Honza Burdil              e-mail:  honza na bobr.fjfi.cvut.cz     
                                         honza na infima.cz  
         For my PGP public key, http://bobr5.fjfi.cvut.cz/~honza/pgp.txt

Další informace o konferenci Linux