Date: Fri, 28 Jun 1996 01:37:20 +0200 (MET DST) From: Ollivier Robert <roberto@keltia.freenix.fr> To: root@edmweb.com (Steve Reid) Cc: guido@gvr.win.tue.nl, freebsd-security@FreeBSD.ORG Subject: Re: CERT Advisory CA-96.12 - Vulnerability in suidperl (fwd) Message-ID: <199606272337.BAA22624@keltia.freenix.fr> In-Reply-To: <Pine.BSF.3.91.960627155905.196B-100000@bitbucket.edmweb.com> from Steve Reid at "Jun 27, 96 04:02:10 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
It seems that Steve Reid said: > I'm using FreeBSD 2.1.0-RELEASE. Is it sufficent to remove the suid bit > from the suidperl binaries? Or do I also have to search for scripts with > the suid bit? Removing the setuid of suidperl is enough. Setuid scripts are not valid and the setuid bit is there only for suidperl. -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 2.2-CURRENT #11: Thu Jun 13 11:01:47 MET DST 1996
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606272337.BAA22624>