Re: Fwd: iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
On Mon, Nov 04, 2002 at 01:36:36PM +0000, David Wright wrote:
> Quoting Phillip Hofmeister (plhofmei@zionlth.org):
> What's this about? _____________________
> vvvv
>
> > 2. Remove the setuid bit from the XaoS binary by executing the
> > following command:
> >
> > # chmod -s /usr/lib/games/abuse/abuse.*
>
> (noticing -rwsr-xr-x root root 378888 Jul 27 17:34 /usr/bin/xaos)
> ^
Yikes. I recommend:
dpkg-statoverride --update --add root root 755 /usr/bin/xaos
This is permanent across upgrades, removals, and reinstalls of the xaos
package. (--update tells statoverride to effect the change itself.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BC
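Added example, not part of the original message: a shell function that applies the same dpkg-statoverride approach to every setuid or setgid file under a directory, printing the commands for review instead of running them. The function name suid_overrides and the default directory are assumptions, and it relies on GNU stat as shipped on Debian.

```shell
# List setuid/setgid regular files under a directory and print the
# dpkg-statoverride command that would pin each one to its current owner
# and group with the setuid/setgid bits cleared.
# Nothing is modified; the output is meant to be reviewed, then run as root.
suid_overrides() {
    dir=${1:-/usr/games}   # default directory is an assumption
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r path; do
        # %a = octal mode, %U / %G = owner and group names (GNU stat)
        set -- $(stat -c '%a %U %G' "$path")
        # Keep permission and sticky bits, drop setuid (4000) and setgid (2000)
        newmode=$(printf '%o' $(( 0$1 & 01777 )))
        # Skip paths that already have an override recorded
        if command -v dpkg-statoverride >/dev/null 2>&1 &&
           dpkg-statoverride --list "$path" >/dev/null 2>&1; then
            continue
        fi
        printf 'dpkg-statoverride --update --add %s %s %s %s\n' \
            "$2" "$3" "$newmode" "$path"
    done
}

# Usage: suid_overrides /usr/bin
```

Paths containing newlines are not handled, and `dpkg-statoverride --list` with no argument shows the overrides already in place.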