Date: Tue, 4 Feb 1997 10:03:45 -0600 (CST) From: Karl Denninger <karl@Mcs.Net> To: jgreco@solaria.sol.net (Joe Greco) Cc: karl@Mcs.Net, spork@super-g.com, danny@panda.hilink.com.au, security@FreeBSD.ORG Subject: Re: Question: 2.1.7? Message-ID: <199702041603.KAA18948@Jupiter.Mcs.Net> In-Reply-To: <199702041600.KAA00609@solaria.sol.net> from "Joe Greco" at Feb 4, 97 10:00:58 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Warning! > > > > There are static-linked executables which are shipped SUID with most FreeBSD > > implementations. THESE MUST BE RECOMPILED ALSO! > > > > Make very, very sure you don't have any old SUID executables laying around. > > If you do, you're vulnerable even with a libc fix. > > Warning! > > You pretty much have to recompile the entire system, to be safe. > > Otherwise there will come a time when someone discovers a vulnerability > due to a non-SUID executable being forked off (perhaps several layers deep) > by a SUID program or other program being run by root... > > Paranoid? Yes. True? Sadly. > > I am very interested in this whole topic... > > ... Joe > > ------------------------------------------------------------------------------- > Joe Greco - Systems Administrator jgreco@ns.sol.net > Solaria Public Access UNIX - Milwaukee, WI 414/342-4847 That was basically what I was saying.... "make world" is pretty much required. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | 99 Analog numbers, 77 ISDN, Web servers $75/mo Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/ Fax: [+1 773 248-9865] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702041603.KAA18948>