Bugtraq mailing list archives
Re: [linux-security] Re: Possible bufferoverflow condition in
From: dreamer () garrison inetcan net (Digital Dreamer)
Date: Wed, 14 Aug 1996 14:58:05 -0600
On Wed, 14 Aug 1996, Mike Jackson wrote:
On Tue, 13 Aug 1996, Jeff Uphoff wrote:
[snip]
The same point goes for any other program. Very few programs need to actually be suid root. Most systems are using ppp these days, rather then slip. But how many systems still have dip set suid root?! I'd bet a lot do. Check your systems! Bugs in programs are found every day. Disable what is not needed.
On the same note, after all the problems with sendmail, why does it still need suid to operate? It seems like the best thing to do to me would have it drop them immediately after opening port 25. If you were to set the files in /var/spool/mail writable by group mail (and of course make sendmail in group mail), it could still add to the user's individual mail spools. The adduser script or what have you could create the mail spool when the account was created, since a create would fail if sendmail tried to do it. Apart from the obvious advantages of this making the kind of hole where files can be arbitrairly overwritten, it also means that even if they do gain a shell, at least it won't be a root shell. Just some random thoughts. (and yes, I did mean Motif when I said Mosaic in my last post. ;) dreamer
Current thread:
- Re: Possible bufferoverflow condition in lpr, xterm and xload Wolfram Schmidt (Aug 13)
- <Possible follow-ups>
- Re: Possible bufferoverflow condition in lpr, xterm and xload Jeff Uphoff (Aug 13)
- Re: [linux-security] Re: Possible bufferoverflow condition in Mike Jackson (Aug 14)
- Re: [linux-security] Re: Possible bufferoverflow condition in Digital Dreamer (Aug 14)
- Re: [linux-security] Re: Possible bufferoverflow condition in David DeSimone (Aug 14)
- Re: [linux-security] Re: Possible bufferoverflow condition in Vidar Madsen (Aug 15)
- Re: [linux-security] Re: Possible bufferoverflow condition in Shaun Lowry (Aug 16)
- Re: [linux-security] Re: Possible bufferoverflow condition in Mike Jackson (Aug 14)
- The buggy realpath.c Alan Cox (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Nick Andrew (Aug 20)