[138] in linux-security and linux-alert archive
Re: "Find all the SUID programs." Fine. So which *should* be SUID?
daemon@ATHENA.MIT.EDU (Panzer Boy)
Mon Mar 13 06:08:50 1995
To: linux-security@tarsier.cv.nrao.edu
From: panzer@dhp.com (Panzer Boy)
Date: 13 Mar 1995 03:01:45 -0500
Reply-To: linux-security@tarsier.cv.nrao.edu
Elias Levy (elias@power.net) wrote:
: > -rwsr-sr-x 1 news news 222212 Aug 12 1994 /usr2/local/bin/tin
: You can escape any command from within tin with !. So you must disable shell
: escapes. The way I like it better is to run inn or other and run tin -r
: with no suid bit. (Remember to set the nnrpd.hosts file correctly of curse)
In tin, here, I type !, then /bin/tcsh, then id....
> id
uid=405(panzer) gid=100(users) groups=100(users),10(wheel),101(lusers)
Though it doesn't matter anymore as I have removed the suid bit as I
don't need tin writing index files. (Though I did check this with suid
back on)
--
-Matt (panzer@dhp.com) DI-1-9026
"That which can never be enforced should not be prohibited."
