slight misinformation in CA-97.21
From: davek () RESEARCH ATT COM (Dave Kormann)
Date: Thu, 17 Jul 1997 10:15:06 -0400
from cert advisory CA-97.21:

    As df will no longer work for non-root users, we recommend removing
    the execute permissions for them also.

this is false. without the setuid bit, df works just fine for
non-root users (at least under 6.2). the only effect is that the
little-used and expensive '-f' option (which forces df to scan the
free block list and hence requires access to the device) won't work.
there's no good reason to take away execute permission from df, unless
your users are likely to be extremely confused by the lack of the '-f'