Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [Debian 2.0] /usr/bin/suidexec gives root access
From: joey () KITENET NET (Joey Hess)
Date: Tue, 28 Apr 1998 14:32:54 -0700


Russell Coker - mailing lists account wrote:
Executive summary: /usr/bin/suidexec gives every user a
root shell.  Remove it.

  Also change the suidexec line in /etc/suid.conf to the following so it never
gets the SUID bit again: suidmanager /usr/bin/suidexec root root 755
                                       ^^^^
The default is 4755.

A simpler fix is to just upgrade to suidmanager 0.19 (from
ftp://ftp1.us.debian.org/debian/Incoming/suidmanager_0.19_all.deb), which
removes the suidexec program entirely.

--
see shy jo



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]