[480] in RedHat Linux List
Re: security hole in ncpfs-2.0.5-2 [really!]
daemon@ATHENA.MIT.EDU (Alex Mottram)
Tue Oct 22 20:31:16 1996
Date: Tue, 22 Oct 1996 19:32:06 -0500 (CDT)
From: Alex Mottram <alex@mail.net-connect.net>
To: Erik Troan <ewt@redhat.com>
cc: redhat-list@redhat.com
In-Reply-To: <Pine.LNX.3.93.961022180636.27057B-100000@redhat.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
On Tue, 22 Oct 1996, Erik Troan wrote:
>
> We don't ship ncpfs SUID root as it has race conditions in it that
> are exploitable, so this problem does not affect Red Hat.
>
> Erik
>
Oops! My mistake. I always go and rip the sticky bit off any binaries
that don't *need* them. That's what I get for not verifying that the RPM
had the s-bits set.
Sorry!
--
PLEASE read the Red Hat FAQ, Tips, HOWTO and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-HOWTO
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
