[7293] in bugtraq
Re: Verity/Search'97 Security Problems
daemon@ATHENA.MIT.EDU (Jay Soffian)
Thu Jul 16 19:53:47 1998
Date: Thu, 16 Jul 1998 17:28:47 -0400
Reply-To: Jay Soffian <jay@CIMEDIA.COM>
From: Jay Soffian <jay@CIMEDIA.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of Thu, 16 Jul 1998 17:18:34 -0400.
+--Jay Soffian <jay@redshift.cimedia.com> once said:
|
|
|Obviously, you want to either make verity_path_post something less
|obvious than ".orig" or you want to suid the wrapper to some
|unprivileged user and make the ".orig" file executable by only that
|user.
|
|Duh.
Last message, I promise. My brain isn't working today. suid (or sgid)
is a terrible idea. Using something other than '.orig' works, but
that's security by obscurity. Probably, you are best using a <files>
section (or equiv if not Apache) to protect the '.orig' binaries.
j.
--
Jay Soffian <jay@cimedia.com> UNIX Systems Administrator
404.572.1941 Cox Interactive Media
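
The `<Files>` protection suggested in the message above, sketched as an added example that is not part of the original post. The cgi-bin path is an assumed layout. The wrapper is assumed to run the renamed `.orig` binary from the filesystem, so refusing HTTP requests for it does not affect the wrapper.

```apache
# Added example, not from the original message.
# Assumption: the wrapper CGIs and the renamed "<name>.orig" binaries
# live together in this directory (the path is a placeholder).
<Directory "/usr/local/apache/cgi-bin">
    # Refuse any direct request for a file ending in ".orig".
    # The wrapper executes the binary locally, so it is unaffected.
    <FilesMatch "\.orig$">
        # Apache 2.4 and later (mod_authz_core)
        Require all denied

        # Apache 1.3 / 2.0 / 2.2 equivalent (use instead of the line above):
        # Order allow,deny
        # Deny from all
    </FilesMatch>
</Directory>
```

A direct request for a `.orig` file in that directory should then return 403 Forbidden, while requests for the wrapper continue to work.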