|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: SunOS syslog() fix, finally...
Brett Lymn (blymn
awadi.com.au)Tue, 14 Nov 1995 11:05:09 +1030
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Sean Vickery: "ufsrestore suid root not a security hole"
- Previous message: Michael/Miguel Sanchez: "Re: Telnet attack on SGI"
- In reply to: Jake Luck: "Re: SunOS syslog() fix, finally..."
- Next in thread: Sean Vickery: "ufsrestore suid root not a security hole"
According to Jake Luck:
>
>yeah, but what about /usr/sbin/ufsrestore ?
>
>it is statically linked, utilizes syslog, and suid root.
>
If you are a BOFH then just kill the setuid bit on ufsrestore. It
means that root has to do the restores but it does close an awful lot
of holes (like someone dragging in a QIC and restoring their favourite
version of /etc/passwd.... need I say more?). Or you could just
remove the global rx though this may bugger up remote root users.
--
Brett Lymn, Computer Systems Administrator, AWA Defence Industries
===============================================================================
"It's fifteen hundred miles to Ankh-Morpork" he said. "We've got
three hundred and sixty three elephants, fifty carts of forage, the
monsoon's about to break and we're wearing ... we're wearing ... sort
of things, like glass, only dark... dark glass things on our eyes..."
- Terry Pratchett "Moving Pictures".
- Next message: Sean Vickery: "ufsrestore suid root not a security hole"
- Previous message: Michael/Miguel Sanchez: "Re: Telnet attack on SGI"
- In reply to: Jake Luck: "Re: SunOS syslog() fix, finally..."
- Next in thread: Sean Vickery: "ufsrestore suid root not a security hole"