[9826] in bugtraq
Re: Linux /usr/bin/gnuplot overflow
daemon@ATHENA.MIT.EDU (Marc SCHAEFER)
Mon Mar 8 02:52:04 1999
Date: Sat, 6 Mar 1999 09:41:36 +0100
Reply-To: Marc SCHAEFER <schaefer@ALPHANET.CH>
From: Marc SCHAEFER <schaefer@ALPHANET.CH>
To: BUGTRAQ@NETSPACE.ORG
> /etc/rc.config and set PERMISSION_SECURITY="paranoid". That way gnuplot
warning, warning.
permissions.paranoid is not supported by SuSE --- it was contributed
by me. It only fixes the problems that SuSE 5.0 had. When I have
some time again, I will do the same work with a full install of
SuSE 6.0.
At least without clear information from SuSE that /etc/permissions.paranoid
is uptodate, I would not count on it to be _absolutely_ paranoid.
After all, you are supposed to do your homeworks yourself, too :)
Also, for it to work, it needs a few things, such as an ``xok'' group,
etc, look at the start of that file.
> root@laser:/home/andrea# grep gnuplot /etc/permissions.paranoid
> # WHY ON HELL was gnuplot suid root !!!!!
> /usr/bin/gnuplot root.root 755
I remember my very clean statements about this problem :)
The ``reason'', as someone pointed out, is the SVGALib. For me that's
a very bad reason to suid --- by default --- an executable.
