Re: Security hole in setuid packages
- To: debian-devel@lists.debian.org
- Subject: Re: Security hole in setuid packages
- From: "Bernd Eckenfels" <mail.inka.de!lina!lina.inka.de!lists>
- Date: Fri, 15 Nov 1996 20:59:37 +0100 (MET)
- Message-id: <m0vOUQM-0004izC@lina>
- In-reply-to: <328C98DC.2C1ADCB4@megabaud.fi> from "Fabrizio Polacco" at Nov 15, 96 06:22:52 pm
Hi,
> Are these "vulnerable programs" ?
> Please, tell me why.
Each suid program is potentially vulnerable to programming errors, since it
runs with increased privileges. We should try to reduce the number of SUID
programs (especially suid root), as I had written some time ago.
You can see /var/log/suid.today for possible security problems :)
You will see programs like mount, login, lp*, xterm, sendmail, cron*.
All of those programs run with increased privileges, and all of them were
the source for a lot of Security Reports (CERT, Bugtraq...).
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +4972573817 BE5-RIPE
(O____O) If privacy is outlawed only Outlaws have privacy
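
Added example, not part of the original message and not the code that produces /var/log/suid.today: a sketch of a daily setuid/setgid inventory that reports files gaining or losing those bits since the previous run. The function names and the state directory layout are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names): inventory setuid/setgid files
# and report what changed since the previous inventory.

# suid_inventory DIR
# Print "perms uid:gid path" for every regular file under DIR (same
# filesystem only) that has the setuid (4000) or setgid (2000) bit set.
suid_inventory() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec env LC_ALL=C ls -ln {} + 2>/dev/null |
    awk '{ p = $9; for (i = 10; i <= NF; i++) p = p " " $i
           print $1, $3 ":" $4, p }' |
    LC_ALL=C sort
}

# suid_changes OLD NEW
# "+ line" = present only in NEW (new setuid file, or mode/owner changed),
# "- line" = present only in OLD (file removed, or bit/owner changed).
suid_changes() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/- /'
}

# suid_daily_check ROOT STATEDIR
# Rotate STATEDIR/suid.today to suid.yesterday, take a fresh inventory of
# ROOT and print the differences. Returns 0 if nothing changed (or on the
# first run, which only records a baseline), 1 if there are changes.
suid_daily_check() {
    root=$1
    state=$2
    mkdir -p "$state" || return 2
    [ -f "$state/suid.today" ] && mv "$state/suid.today" "$state/suid.yesterday"
    suid_inventory "$root" > "$state/suid.today"
    [ -f "$state/suid.yesterday" ] || return 0
    changes=$(suid_changes "$state/suid.yesterday" "$state/suid.today")
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Example invocation from a daily cron job (paths are assumptions):
#   suid_daily_check / /var/lib/suid-audit || echo "setuid set changed"
```

A line whose uid field is 0 and whose permission string has `s` in the owner-execute position is a suid root program, the class the message singles out for reduction.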