OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Group-writable executable in OpenLDAP
From: Christian Kleinewaechter (kleinewMATHEMATIK.UNI-BIELEFELD.DE)
Date: Wed Jul 26 2000 - 06:33:23 CDT


OpenLDAP installs the ud binary in $binpath with mode 775 and default
group (i.e. either you primary gid or the directories gid). Of course the
consequences depend on which group this actually is. This was checked with
1.2.11 (latest stable), but probably also exists in earlier versions,
since the Makefile.in is dated 1/14/1999. Developers have been notified
and fixed this issue (at least in the CVS tree). So either change the mode
in line

  $(LTINSTALL) $(INSTALLFLAGS) -m 775 ud $(bindir)

to

  $(LTINSTALL) $(INSTALLFLAGS) -m 755 ud $(bindir)

in clients/ud/Makefile.in (resp. clients/ud/Makefile if you don't use
autoconf) or chmod the executable afterwards (or maybe do nothing at all
if "default group" is a trusted group).

---------------------------------------------------------------------------
 Dr. Christian Kleinewaechter
 Universitaet Bielefeld
---------------------------------------------------------------------------
                    Wieviel Prozent hat ein Bit?