Date: Mon, 15 Jul 1996 08:56:04 -0400 (EDT) From: Paul Danckaert <pauld@umbc.edu> To: jbhunt <jbhunt@mercury.gaianet.net> Cc: freebsd-security@freebsd.org, root@mercury.gaianet.net Subject: Re: New EXPLOIT located! Message-ID: <Pine.SGI.3.91.960715085258.23456A@umbc7.umbc.edu> In-Reply-To: <Pine.BSF.3.91.960714212321.1806A-300000@mercury.gaianet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Thats the exact exploit posted days ago to Bugtraq, line for line. It was verified to work on most of the different BSD-based Oses. To get around it, strip the suid bit off, or run the USC rdist, which doesn't care about the suid bit. We run it here since, in addition to not being suid root, we can use it easily with ssh for doing (more) secure rdists.. The normal policy we use when setting up machines here is to do a find for suid and sgid files on the system. Pick off the essential ones, and strip the bits off any others. Its saved us from several irix and sun holes in the past.. and one or two bsd ones now too. paul
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SGI.3.91.960715085258.23456A>