[2850] in bugtraq


Re: [linux-security] BoS: CERT Advisory CA-96.12 - Vulnerability

daemon@ATHENA.MIT.EDU (Jon Lewis)
Sun Jun 30 14:44:08 1996

Date: 	Sun, 30 Jun 1996 13:49:53 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  <199606300734.RAA20867@jagumba.anu.edu.au>

On Sun, 30 Jun 1996, James Seng wrote:

> Actually, it should be suidperl, not perl.

No...perl will automatically invoke suidperl if you have the script suid
or sgid.

> $>=0; $<=0; # Set UID and GID = 0

Actually, this sets the real and effective uid's...it doesn't touch the gid.
If you are root, who cares what your gid is?

> I just do "chmod u-s /usr/bin/*perl*" since I don't use it for suid scripts.

This is the easy solution for those who don't need suid/sgid emulation.

------------------------------------------------------------------
 Jon Lewis                      |  Mime attachments are OK
 jlewis@inorganic5.fdt.net      |  But please ask before sending
 http://inorganic5.fdt.net      |  unsolicited huge files.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
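
The following is an added example, not part of the original message: a shell sketch of the "chmod u-s" mitigation discussed above that first lists which `*perl*` files in a directory still carry the setuid or setgid bit, clears them, and re-checks. The function names are hypothetical, the directory defaults to /usr/bin as in the quoted command, and clearing setgid as well as setuid goes one step beyond that command.

```shell
#!/bin/sh
# Added example; list_suid_perl and strip_suid_perl are hypothetical names.

# Print every regular file matching *perl* directly inside DIR that still
# has the setuid (4000) or setgid (2000) bit set, one path per line.
list_suid_perl() {
    dir=${1:-/usr/bin}
    find "$dir" -maxdepth 1 -type f -name '*perl*' \
        \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Clear both bits on the files found above, report each change, then
# re-scan. Returns 0 only when no setuid/setgid *perl* file is left.
strip_suid_perl() {
    dir=${1:-/usr/bin}
    list_suid_perl "$dir" | while IFS= read -r f; do
        chmod u-s,g-s "$f" && printf 'cleared: %s\n' "$f"
    done
    [ -z "$(list_suid_perl "$dir")" ]
}
```

Run `list_suid_perl` on its own first to see what would change; `strip_suid_perl` needs write permission on the files, which for /usr/bin normally means root.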
