[563] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

LSF Update#10: Another correction.

daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Sat Jan 13 19:08:37 1996

Date: Sat, 13 Jan 1996 17:25:05 -0500 (EST)
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
To: Linux Security Mailing List <linux-security@tarsier.cv.nrao.edu>,
        linux-alert@tarsier.cv.nrao.edu
cc: Linux Announce Submit <linux-announce@stc06.ctd.ornl.gov>,
        caldera-users@caldera.com

-----BEGIN PGP SIGNED MESSAGE-----

[LINUX SECURITY FAQ UPDATES ADMIN NOTE]

	Another error was noticed in a Linux Security FAQ Update#10
	regarding the vulnerability of fvwm 1.24. 

	The LSF Update#10 reads:

***** BEGIN LSF UPDATE QUOTE *****

  SOLUTION TO THE PROBLEM

           The successful attack against fvwm exploits a race condition that
           occurs when fvwm performs certain operations. The following
           information should allow one to prevent the race condition from
           occurring.

                   1. /tmp directory should be owned by (root:root) with
                      world-write, world-execute and world-read permissions.
                      A sticky bit is *required* on this directory.

                      Use the following set of commands to change your /tmp
                      directory parameters to conform with the requirements:

                           chown root.root /tmp (make ownership (root:root)) 
                           chmod 777 /tmp       (make protection mode 777)
                           chmod +s /tmp        (place a sticky bit on)

***** END LSF UPDATE QUOTE ******

	The line "chmod +s /tmp	(place a sticky bit on)" has to be
	read as "chmod +t /tmp (place a sticky bit on)". Please make the
	necessary changes in the protection mode of the /tmp directory

					--- Alexander O. Yuriev



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMPgsCYxFUz2t8+6VAQGBfQP+LAzTvTpuMcIa2TFdThFX+Z8zBFBtp2Bu
zqrLAHvLDUe8McFP8V9gRDIpc/rgFoNBjyVwrZ31ruK0RuqJ3363lq8iHebaVmni
4jacgKj4BBWVdN40RRQaK3qJ52lH7tebZvjw0wLAF6sYoXt3DHIsB+GM+B5T+aQz
n0W24Bmof4s=
=rsNv
-----END PGP SIGNATURE-----


============================================================================
Alexander O. Yuriev		            Email: alex@bach.cis.temple.edu
CIS Labs, TEMPLE UNIVERSITY   WWW: http://bach.cis.temple.edu/personal/alex
Philadelphia, PA, USA	 	
			
 KeyID: 1024/D62D4489 Key Fingerprint: AE84534377CCC4E2  37B13C4D8CD3D501 

Unless otherwise stated, everything above is my personal opinion and not an
               opinion of any organisation affiliated with me.
=============================================================================
home help back first fref pref prev next nref lref last post