Date:      Thu, 17 Aug 2000 06:15:04 -0700
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        freebsd-security@freebsd.org
Subject:   Group-writable executable in OpenLDAP (fwd)
Message-ID:  <200008171315.e7HDFSh12972@cwsys.cwsent.com>

Still catching up on email after 4 weeks of vacation and noticed this 
BUGTRAQ gem in my inbox.  Our OpenLDAP port needs to be fixed to 
address this.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC            


------- Forwarded Message

[headers deleted]
Message-ID: <Pine.LNX.4.10.10007261256390.29813-100000@hal01.Mathematik.Uni-Bielefeld.DE>
Date: Wed, 26 Jul 2000 13:33:23 +0200
Reply-To: Christian Kleinewaechter <kleinew@MATHEMATIK.UNI-BIELEFELD.DE>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Christian Kleinewaechter <kleinew@MATHEMATIK.UNI-BIELEFELD.DE>
Subject: Group-writable executable in OpenLDAP
To: BUGTRAQ@SECURITYFOCUS.COM
Resent-To: cy
Resent-Date: Wed, 26 Jul 2000 13:11:54 -0700
Resent-From: Cy Schubert <cschuber@osg.gov.bc.ca>
X-UIDL: 4H?!!jI-"!Y6V"!3XP"!

OpenLDAP installs the ud binary in $binpath with mode 775 and default
group (i.e. either your primary gid or the directory's gid). Of course
the consequences depend on which group this actually is. This was
checked with 1.2.11 (latest stable), but probably also exists in earlier
versions, since the Makefile.in is dated 1/14/1999. Developers have been
notified and fixed this issue (at least in the CVS tree). So either
change the mode in line

  $(LTINSTALL) $(INSTALLFLAGS) -m 775 ud $(bindir)

to

  $(LTINSTALL) $(INSTALLFLAGS) -m 755 ud $(bindir)

in clients/ud/Makefile.in (resp. clients/ud/Makefile if you don't use
autoconf) or chmod the executable afterwards (or maybe do nothing at all
if "default group" is a trusted group).

- ---------------------------------------------------------------------------
 Dr. Christian Kleinewaechter
 Universitaet Bielefeld
- ---------------------------------------------------------------------------
                    What percentage does a bit have?


------- End of Forwarded Message
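
The check described in the forwarded message, as an added example that is not part of the original post or of OpenLDAP: it flags `-m` install modes that grant group or other write in Makefile/Makefile.in files, and lists installed executables that are already group- or world-writable. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for the mode-775 install problem described above.

# Print "file:line:mode" for every "-m MODE" flag in Makefile/Makefile.in
# files under $1 whose octal mode grants write to group or other.
list_writable_install_modes() {
    find "$1" -type f \( -name Makefile -o -name Makefile.in \) -exec awk '
        { for (i = 1; i < NF; i++)
            if ($i == "-m" && $(i+1) ~ /^[0-7][0-7][0-7][0-7]?$/) {
                m = $(i+1); n = length(m)
                # A digit of 2, 3, 6 or 7 has the write bit set.
                if (substr(m, n-1, 1) ~ /[2367]/ || substr(m, n, 1) ~ /[2367]/)
                    print FILENAME ":" FNR ":" m
            }
        }' {} + | sort
}

# Print regular files under $1 that are executable by anyone and writable
# by group or other (POSIX find predicates only).
list_writable_executables() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        \( -perm -020 -o -perm -002 \) -print | sort
}

# Build a constructed sample tree (not real OpenLDAP sources); prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/src/clients/ud" "$d/bin"
    printf '\t$(LTINSTALL) $(INSTALLFLAGS) -m 775 ud $(bindir)\n' \
        > "$d/src/clients/ud/Makefile.in"
    printf '\t$(LTINSTALL) $(INSTALLFLAGS) -m 755 ud $(bindir)\n' \
        > "$d/src/clients/ud/Makefile"
    : > "$d/bin/ud";         chmod 775 "$d/bin/ud"
    : > "$d/bin/ldapsearch"; chmod 755 "$d/bin/ldapsearch"
    echo "$d"
}

# Usage: script SRC_DIR BIN_DIR. With no arguments, run on the sample tree.
if [ "$#" -eq 2 ]; then
    list_writable_install_modes "$1"
    list_writable_executables "$2"
else
    sample=$(make_sample_tree)
    list_writable_install_modes "$sample/src"
    list_writable_executables "$sample/bin"
    rm -rf "$sample"
fi
```
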