|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: majordomo local exploit
Subject: Re: majordomo local exploit
From: Christopher X. Candreva (chris
WESTNET.COM)
Date: Wed Dec 29 1999 - 08:52:33 CST
- Next message: Taneli Huuskonen: "Re: majordomo local exploit"
- Previous message: Christopher Schulte: "Re: majordomo local exploit"
- In reply to: Brock Tellier: "majordomo local exploit"
- Next in thread: Henrik Edlund: "Re: majordomo local exploit"
- Reply: Christopher X. Candreva: "Re: majordomo local exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 28 Dec 1999, Brock Tellier wrote:
> but wrapper immediatly setuid()'s and setgid()'s to owner:daemon before
> execing the wrapped program.
Bugs in resend aside, this appears to be an incorrect configuration of
wrapper. majordomo should have it's own group as well as user, and it
should change to that group, not daemon. This is according to Doc/FAQ in the
Majordomo 1.94.4 distribution.
The whole point of the wrapper and unique uid/gid is to limit the effect of
such bugs.
-Chris
==========================================================
Chris Candreva -- chriswestnet.com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
- Next message: Taneli Huuskonen: "Re: majordomo local exploit"
- Previous message: Christopher Schulte: "Re: majordomo local exploit"
- In reply to: Brock Tellier: "majordomo local exploit"
- Next in thread: Henrik Edlund: "Re: majordomo local exploit"
- Reply: Christopher X. Candreva: "Re: majordomo local exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Wed Dec 29 1999 - 19:14:01 CST