Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: Environment variables (SECURITY: too many new packages)Pavel Kankovsky (peakkerberos.troja.mff.cuni.cz)
Wed, 1 Jul 1998 10:49:29 +0200
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Liviu Daia: "Re: Serious Linux 2.0.34 security problem"
- Previous message: Edward John Brocklesby: "Re: Environment variables (SECURITY: too many new packages)"
On Wed, 1 Jul 1998, Alan Cox wrote: > Bugtraq readers who haven't been following the Linux security audit > project (from whence most of the Red Hat fixes came - and other vendors > will I assume be issuing identical updates) might like to take a look > at how their own OS handles pointing the following at files only root > can read and running setuid apps. (or setgid usage in some cases such as > Mutt) > TZ > TERMINFO > TERMCAP Add LANG, all LC_*, and various LD_* (esp. LD_*_OUTPUT) to the list. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "You can't be truly paranoid unless you're sure they have already got you."