Bugtraq: Re: Exploit for Linux wu.ftpd hole

Re: Exploit for Linux wu.ftpd hole

From: Michael Shields <shields_at_tembel.org>
Date: Thu, 6 Jul 1995 23:33:54 +0000

> minicom has a known, but not very well-known hole in it that is nearly
> identical to the wu-ftp hole. If you are a legitimate user of a pre 1.71
> version of minicom, you can get root,

What is minicom doing as root? It should be setgid dialout.

Is Slackware really doing that?

> There also appears to be a bug in syslog. If you do something like:
>
> grep -v "ROOT" messages > mmm; mv mmm messages

This isn't a security hole since users shouldn't be able to write to
/var/log/messages.

> Logging is disabled, I suspect this problem is that the file pointer
> maintained by syslog is getting ahead of the physical EOF, and thus
> writes will fail, but this is just a guess, and I haven't looked at the
> source to Linux's syslog.

When you move something on top of messages, messages is unlinked.
The file is still open, but no longer accessible through the directory
structure.

--
Shields.
Received on Jul 07 1995
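
The unlink behaviour described in the reply above, reproduced as an added example that is not part of the original post. It assumes a temporary directory in place of /var/log, file descriptor 3 standing in for syslogd's open log file, and constructed log lines.

```shell
#!/bin/sh
# Added illustration: a writer that keeps a log open does not follow a rename.
# All paths are temporary; fd 3 simulates the daemon's long-lived descriptor.

demo_unlinked_log() {
    dir=$(mktemp -d) || return 1
    log="$dir/messages"            # constructed stand-in for /var/log/messages

    # Simulated daemon: open the log once for append and keep the descriptor.
    exec 3>>"$log"
    echo "Jul  6 23:00:01 host login: ROOT LOGIN on tty1" >&3          # constructed
    echo "Jul  6 23:00:02 host ftpd: connection from 192.0.2.10" >&3   # constructed
    inode_before=$(ls -i "$log" | awk '{print $1}')

    # The sequence quoted in the message: filter into a new file, rename it over.
    grep -v "ROOT" "$log" > "$dir/mmm"
    mv "$dir/mmm" "$log"
    inode_after=$(ls -i "$log" | awk '{print $1}')

    # The daemon keeps writing, but to the old inode, which no longer has a name.
    echo "Jul  6 23:05:00 host su: session opened" >&3
    visible_lines=$(wc -l < "$log" | tr -d ' ')

    # Closing and reopening by path (what a logging daemon does when told to
    # reopen its files) attaches the writer to the new inode again.
    exec 3>&-
    exec 3>>"$log"
    echo "Jul  6 23:06:00 host syslogd: restart" >&3
    exec 3>&-
    reopened_lines=$(wc -l < "$log" | tr -d ' ')

    rm -rf "$dir"
    if [ "$inode_before" != "$inode_after" ]; then changed=yes; else changed=no; fi
    # Output: inode changed? / lines visible after rename / lines after reopen
    echo "$changed $visible_lines $reopened_lines"
}
```

A log path whose inode number differs from the one the logging daemon holds open (compare `ls -i` with the daemon's open-file listing) is the observable sign of this condition.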