mailing list archives
Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
From: chris () FERRET LMH OX AC UK (Chris Evans)
Date: Mon, 1 Jun 1998 17:58:24 +0100
the binary RPMs have always been shipped with suid linuxconf. Does this
announce mean that linuxconf has been found insecure, so that is MUST not
be used suid ? I haven't seen anything about linuxconf on BUGTRAQ, apart
from your posting.
I alerted RedHat to the insecurity in a suid root linuxconf. I didn't cc:
to bugtraq (only the xosview got cc:'ed here which still isn't fixed).
Now RedHat have a fixed rpm out, I suppose I had better spill the beans.
Set environment variable "LANG" to a long string (about 1k should do it).
Run linuxconf. Watch crash. Smile.
Note that discovery of this problem was trivial.
Most importantly, please note that there are probably plenty of other
security holes in linuxconf apart from this one.
- Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd) Chris Evans (Jun 01)