[1047] in linux-security and linux-alert archive
Re: [linux-security] Re: Possible bufferoverflow condition in lpr, xterm and xload
daemon@ATHENA.MIT.EDU (Samuel_Mikes@hmc.edu)
Thu Aug 22 05:56:09 1996
Date: Wed, 21 Aug 1996 09:54:04 -0700
From: Samuel_Mikes@hmc.edu
To: Alex Mottram <alex@dns1.net-connect.net>
Cc: linux-security@tarsier.cv.nrao.edu
Reply-To: Samuel_Mikes@hmc.edu
>> Personally, I'd wish to have a distribution kit that would ask me
>> whether I want an "merely open" or a "secure" system. For development
>>
>> What do you think about this?
Alex> Personally, I find that doing a "cd / ; find -perm -04000 -user root" and
I really recommend doing both 'find / -perm -4000 -print' and
'find / -perm -2000 -print'. There are suid uucp binaries, tin by default
is suid news, (unnecessary if you read news by NNTP, like me), plus there
are some sgid binaries which don't need to be sgid.
Just a thought,
Sam
--
Sam Mikes "I could kill for this
one time and not get caught"
Samuel_Mikes@hmc.edu -- Midnight Oil