[linux-security] Security hole in installation of suidperl from RedHat 4.0
Honza Burdil
honza na bobr.fjfi.cvut.cz
Sobota Říjen 19 23:02:31 CEST 1996
On Fri, 18 Oct 1996, Leos Bitto wrote:
> I've found security hole in installation of suidperl from RedHat 4.0. After
> installation it has suid bit AND sgid bit set. It needs only suid bit.
> When you leave sgid bit on, it will allow anybody to gain access to group
> 0 (root). So do immediatelly "chmod g-s /usr/bin/suidperl" as root, if
> you have RedHat 4.0 installed.
>
>
> Leos Bitto
> <bitto na kolej.mff.cuni.cz>
>
Zdravim,
dik za upozorneni.
BTW v ftp://ftp.redhat.com/updates/i386 uz je na to patch
Zatim zdravi Honza
------------------------------------------------------------------------
Honza Burdil e-mail: honza na bobr.fjfi.cvut.cz
honza na infima.cz
For my PGP public key, http://bobr5.fjfi.cvut.cz/~honza/pgp.txt
------------------------------------------------------------------------
Další informace o konferenci Linux