[69] in linux-security and linux-alert archive
Re: Secure setup for file transfer
daemon@ATHENA.MIT.EDU (Mr Martin J Hargreaves)
Wed Mar 8 19:53:48 1995
Date: Wed, 8 Mar 1995 23:33:14 +0000 (GMT)
From: Mr Martin J Hargreaves <ch11mh@surrey.ac.uk>
To: linux-security@tarsier.cv.nrao.edu
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <3jio9q$6ab@dhp.com>
Reply-To: linux-security@tarsier.cv.nrao.edu
On 7 Mar 1995, Panzer Boy wrote:
>
> How about we stick to linux security on this list. For starters people
> should read bugtraq also.
>
> OB linux-security, SVGAlib with convfont being SUID root. Allows you to
> write any files as root.
Is this list going to be full disclosue like bugtraq? If so can
we have details? Otherwise do you have a fix (other than only running
SVGAlib programs as root).
M.
----------------------------------------------------------------
| Martin Hargreaves, ch11mh@surrey.ac.uk|
| Undergraduate Computational Chemist |
| WWW Server Admin http://www.chem.surrey.ac.uk|
----------------------------------------------------------------
--
[Mod: We would prefer to focus on security enhancement and "hole"
avoidance, detection, and fixes, rather than methods of
exploitation--unless discussing such methods is necessary for working
out a fix. However, we aren't trying to fool ourselves into thinking
that not discussing or divulging exploitation methods here will result
in the methods not "getting out" (usually they already are), so posts
that disclose them will not be disapproved for containing such
information. We'd just rather not use a lot of bandwidth *discussing*
this aspect of security as it could start to drown out other, IMHO more
worthwhile, discussions. Discussing and disclosing are two different
things. --Jeff.]
