[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security hole in setuid packages


> Are these "vulnerable programs" ?
> Please, tell me why.

Each suid program is potentially vulnerable to programming errors, since it
runs with increased priveledges. We shuld try to reduce the amount of SUID
programs (especuially suid root) as i had written some time ago.

You can see /var/log/suid.today for possible security problems :)

You will see programs like mount, login, lp*, xterm, sendmail, cron*.

All of those programs run with increased priveeldges, and all of them where
the source for a lot of Security Reports (Cert, Bugtraq..).

  (OO)      -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +4972573817  BE5-RIPE
(O____O)       If privacy is outlawed only Outlaws have privacy

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: