[1047] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Re: Possible bufferoverflow condition in lpr, xterm and xload

daemon@ATHENA.MIT.EDU (Samuel_Mikes@hmc.edu)
Thu Aug 22 05:56:09 1996

Date: Wed, 21 Aug 1996 09:54:04 -0700
From: Samuel_Mikes@hmc.edu
To: Alex Mottram <alex@dns1.net-connect.net>
Cc: linux-security@tarsier.cv.nrao.edu
Reply-To: Samuel_Mikes@hmc.edu

>> Personally, I'd wish to have a distribution kit that would ask me
>> whether I want an "merely open" or a "secure" system. For development
>> 
>> What do you think about this?

Alex> Personally, I find that doing a "cd / ; find -perm -04000 -user root" and

  I really recommend doing both 'find / -perm -4000 -print' and 
'find / -perm -2000 -print'.  There are suid uucp binaries, tin by default
is suid news, (unnecessary if you read news by NNTP, like me), plus there
are some sgid binaries which don't need to be sgid.

Just a thought,

Sam
--
Sam Mikes                            "I could kill for this 
                                       one time and not get caught"
Samuel_Mikes@hmc.edu                             -- Midnight Oil

home help back first fref pref prev next nref lref last post