[668] in linux-security and linux-alert archive
Re: [linux-security] Security problems in RedHat 3.0.3...
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Sat Apr 13 14:59:54 1996
To: zblaxell@myrus.com (Zygo Blaxell)
Date: Fri, 12 Apr 1996 20:37:53 +0200 (METDST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199604101846.OAA12880@shampoo.myrus> from "Zygo Blaxell" at Apr 10, 96 02:46:16 pm
From: R.E.Wolff@et.tudelft.nl (Rogier Wolff)
X-Return-Receipt-To: wolff@erasmus.et.tudelft.nl
>
> Fix 1: make the man program operate setuid instead of setgid. This
[Unverified rumor]
Ehm.... while on the subject of "man" bugs, man and/or groff will run
arbitrary programs under specification of the man-page-writer.......
Do you still want "man" running setuid? (Yes I understand, you want
man running as an unprivileged user. However in combination with
the bug above, this will subvert your suggested fix)
Roger.
--
** Q: What's the difference between MicroSoft Windows and a virus? **
** A: Apart from the fact that viruses are supported by their authors,  **
** use optimized, small code and usually perform well, none. **
** EMail: R.E.Wolff@et.tudelft.nl * Tel +31-15-2783643 or +31-15-2137459 **
*** <a href="http://einstein.et.tudelft.nl/~wolff/">my own homepage</a> ***