[21196] in bugtraq
Re: [RHSA-2001:078-05] Format string bug fixed
daemon@ATHENA.MIT.EDU (Petri Kaukasoina)
Tue Jun 26 15:00:02 2001
Date: Tue, 26 Jun 2001 08:26:44 +0300
From: Petri Kaukasoina <kaukasoi@elektroni.ee.tut.fi>
To: bugtraq@securityfocus.com
Message-ID: <20010626082644.A6261@elektroni.ee.tut.fi>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.33.0106221345580.11217-100000@debussy.ucsc.edu>; from dummkopf@physics.ucsc.edu on Fri, Jun 22, 2001 at 02:02:23PM -0700
On Fri, Jun 22, 2001 at 02:02:23PM -0700, helmut g. katzgraber wrote:
> has the rpm offered on the lprng site also the same problems as the redhat
> one (advisory RHSA-2001:077-05)?
According to the redhat advisory, the problem is:
"LPRng fails to drop supplemental group membership at init time, though it
does properly setuid and setgid. The result is that LPRng, and its children,
maintain any supplemental groups that the process starting LPRng had at the
time it started LPRng. This is a security risk."
root is the only one that can start lpd in the first place. So I guess in
redhat root belongs to some supplemental groups. If this is the case, I
would just remove root from all the supplemental groups in /etc/groups.
