Bugtraq mailing list archives
Re: Troff dangerous.
From: imp () VILLAGE ORG (Warner Losh)
Date: Tue, 27 Jul 1999 10:36:01 -0600
In FreeBSD-stable and -current, these tricks allow only tojan horses, but do not allow normal users to elevate their privs. It appears that man doesn't run at elevated priviledge levels for execution of the sub-commands needed to build the man pages (despite man being setuid man on FreeBSD-stable/current). I just noticed that OpenBSD added a -S flag which completely disables these commands... I think I like that, in conjunction with having man use that flag... Warner
Current thread:
- Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10) Andrej Todosic (Jul 22)
- Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10) Richard Bouska (Jul 22)
- Do these patches fix the rpc.cmsd hole? Tim Ramsey (Jul 22)
- L0pht Heavy Industries - AntiSniff Alex Yu (Jul 23)
- Trojan Horse Guard - Cassandra GOLD Release. Jonathan James (Jul 23)
- Troff dangerous. Pawel Wilk (Jul 23)
- New way to pay in advance for ToorCon '99 in San Diego, California Ben (Jul 24)
- Re: Troff dangerous. CyberPsychotic (Jul 25)
- Re: Troff dangerous. Pavel Kankovsky (Jul 25)
- Re: Troff dangerous. Warner Losh (Jul 27)
- Re: Troff dangerous. Julian Squires (Aug 02)
- Re: Troff dangerous. Olaf Kirch (Jul 26)
- IBM-ERS Security Vulnerability Alert: IBM AIX: Non-root users can cause the system to crash ibm-ers () ERS IBM COM (Jul 26)
- Redhat 6.0 cachemgr.cgi lameness daniel () NEWS GUS NET (Jul 23)
- Re: Redhat 6.0 cachemgr.cgi lameness Henrik Nordstrom (Jul 25)