Date: Mon, 15 Jul 1996 09:46:56 +0200 From: Poul-Henning Kamp <phk@freebsd.org> To: -Vince- <vince@mercury.gaianet.net> Cc: jbhunt <jbhunt@mercury.gaianet.net>, freebsd-security-notification@freebsd.org, freebsd-security@freebsd.org, root@mercury.gaianet.net Subject: Re: New EXPLOIT located! Message-ID: <4914.837416816@critter.tfs.com> In-Reply-To: Your message of "Mon, 15 Jul 1996 00:43:05 PDT." <Pine.BSF.3.91.960715004202.1637C-100000@mercury.gaianet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>> remove the rdist program from your system, or just remove the setuid >> bit from it. >> >> Do normal "we've been hacked cleanup". > > While we're at the subject, is there a hole with mount_msdos also >because the guy had some text on mount_msdos but I deleted the >/sbin/mount_msdos and -current still installs with the setuid bit... Well, until proven innocent, all setuid programs are suspect. Make a list of them all, remove setuid on any you don't use. Consider carefully the minimum permissions you can get away with on the rest. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Future will arrive by its own means, progress not so.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4914.837416816>