[6902] in bugtraq
Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
daemon@ATHENA.MIT.EDU (Erik Troan)
Tue Jun 2 19:06:23 1998
Date: Tue, 2 Jun 1998 09:02:22 -0400
Reply-To: Erik Troan <ewt@REDHAT.COM>
From: Erik Troan <ewt@REDHAT.COM>
X-To: Chris Evans <chris@FERRET.LMH.OX.AC.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.980601175443.19489A-100000@ferret.lmh.ox.ac.uk>
On Mon, 1 Jun 1998, Chris Evans wrote:
> Most importantly, please note that there are probably plenty of other
> security holes in linuxconf apart from this one.
This is a really key point. Linuxconf is quite large, and (IMHO) much too
large to be properly audited. Linuxconf needs to use some sort of setuid
helper program and a reexec mechanism if it ever hopes to be secure.
Yes, Red Hat new this before we shipped it. Yes, Red Hat knew we needed
to turn of the setuid bit. Yes, Red Hat screwed up :-(
Erik
-------------------------------------------------------------------------------
| "For the next two hours, VH1 will be filled with foul-mouthed, |
| crossdressing Australians. Viewer discretion is advised." |
| |
| Linux Application Development -- http://www.redhat.com/~johnsonm/lad |
