[6625] in bugtraq
Re: [Debian 2.0] /usr/bin/suidexec gives root access
daemon@ATHENA.MIT.EDU (Joey Hess)
Tue Apr 28 20:12:17 1998
Mail-Followup-To: Russell Coker - mailing lists account <bofh@COKER.COM.AU>,
BUGTRAQ@NETSPACE.ORG
Date: Tue, 28 Apr 1998 14:32:54 -0700
Reply-To: Joey Hess <joey@KITENET.NET>
From: Joey Hess <joey@KITENET.NET>
X-To: Russell Coker - mailing lists account <bofh@COKER.COM.AU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199804282044.QAA17933@netspace.org>; from Russell Coker -
mailing lists account on Wed, Apr 29, 1998 at 06:45:19AM +1100
Russell Coker - mailing lists account wrote:
> >Executive summary: /usr/bin/suidexec gives every user a
> >root shell. Remove it.
>
> Also change the suidexec line in /etc/suid.conf to the following so it never
> gets the SUID bit again:
> suidmanager /usr/bin/suidexec root root 755
>                                        ^^^^
> The default is 4755.
A simpler fix is to just upgrade to suidmanager 0.19 (from
ftp://ftp1.us.debian.org/debian/Incoming/suidmanager_0.19_all.deb), which
removes the suidexec program entirely.
--
see shy jo
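
A check for the configuration change discussed in this thread, added here as an example that is not part of the original messages: it lists suid.conf entries whose mode would grant setuid or setgid, and listed paths that are setuid on disk. The five-field layout is assumed from the single line quoted above; the function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# Assumed field layout, inferred from the one line quoted above:
#   package  path  owner  group  octal-mode

# Print "path mode" for every entry whose mode sets setuid (4000) or setgid (2000).
suidconf_special_entries() {
    while read -r pkg path owner group mode rest; do
        case $pkg in ''|'#'*) continue ;; esac          # blank line or comment
        case $mode in ''|*[!0-7]*) continue ;; esac     # missing or non-octal mode
        if [ $(( 0$mode & 06000 )) -ne 0 ]; then
            printf '%s %s\n' "$path" "$mode"
        fi
    done < "$1"
}

# Print every listed path that carries the setuid bit on disk right now.
suidconf_setuid_on_disk() {
    while read -r pkg path owner group mode rest; do
        case $pkg in ''|'#'*) continue ;; esac
        if [ -u "$path" ]; then
            printf '%s\n' "$path"
        fi
    done < "$1"
}

# Constructed sample input (not taken from a real system).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
suidmanager /usr/bin/suidexec root root 4755
examplepkg /usr/bin/example-tool root root 2755
examplepkg /usr/bin/example-plain root root 755
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
echo "entries that would set setuid/setgid:"
suidconf_special_entries "$sample"
echo "listed paths setuid on disk:"
suidconf_setuid_on_disk "$sample"
rm -f "$sample"
```

On a real system, pass /etc/suid.conf instead of the sample file; an empty result from both functions for /usr/bin/suidexec means neither the configuration nor the installed file carries the bit.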