[591] in linux-security and linux-alert archive
Problem with minicom 1.71
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Thu Feb 1 05:24:51 1996
To: linux-security@tarsier.cv.nrao.edu
Cc: linux-alert@tarsier.cv.nrao.edu
Date: Thu, 01 Feb 1996 04:07:01 +0100
From: Olaf Kirch <okir@monad.swb.de>
-----BEGIN PGP SIGNED MESSAGE-----
Hi all,
There is a problem present in minicom 1.72 and earlier versions that
allows local users to execute programs under whatever uid or gid minicom
runs. People often make minicom suid or sgid to some ID because they
keep their tty log files in the UUCP spool directory or something like
this. Please check whether your minicom binary runs suid or sgid, and
consider upgrading.
Miquel van Smoorenburg has fixed this in his latest version available at
http://sunsite.unc.edu/pub/Linux/apps/comm/minicom-1.74.tar.gz
Note that this is *not* the same problem as the one discussed half a
year ago. I will send a more detailed explanation to linux-security
within the next few days.
Cheers
Olaf
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMRAuTOFnVHXv40etAQFXZQP/TDNpB0Gyi64hDMsf2A2FqC6FyjSg7ZVT
7PwcTuH3Zu6Vh6qDQ9VpWYjpCxBLRd0ho6A4scCbQx90yGTuWwp6McMcYPyZlREo
0IvYW5B6MkBA0aeuJS1dNEotRfZhEMmzK50tvhXyaw+iRnlzOcX7dgMPsZgoGz/o
ADCBsM5Vrnk=
=SQva
-----END PGP SIGNATURE-----
