[16181] in bugtraq

Re: (debian) Re: suidperl; more

daemon@ATHENA.MIT.EDU (Dylan Griffiths)
Thu Aug 10 16:20:48 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <3991FBBA.32A9A55F@bigfoot.com>
Date:         Wed, 9 Aug 2000 18:47:54 -0600
Reply-To: Dylan Griffiths <Dylan_G@BIGFOOT.COM>
From: Dylan Griffiths <Dylan_G@BIGFOOT.COM>
X-To:         "Dunker, Noah" <NDunker@FISHNETSECURITY.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

"Dunker, Noah" wrote:
> I've long since gotten rid of my FreeBSD 3.x and 2.x boxen, so I don't have
> a good way to test old FreeBSD releases.  I'll try OpenBSD 2.7 and NetBSD
> 1.4.2 when I get home.  I'm guessing the recent releases of all *BSD are
> probably not vulnerable due to the location of mail (and the fact that
> /bin/bash doesn't exist, but any script kiddie can change the script to
> /bin/sh).
>

OpenBSD 2.7 release is not vulnerable because they don't have suidperl by
default (that whole secure by default policy of not having stuff unless you
need it, since non-setuid perl is fine for most).

--
    www.kuro5hin.org -- technology and culture, from the trenches.
