Bugtraq mailing list archives
slight misinformation in CA-97.21
From: davek () RESEARCH ATT COM (Dave Kormann)
Date: Thu, 17 Jul 1997 10:15:06 -0400
from cert advisory CA-97.21:
As df will no longer work for non-root users, we recommend removing the execute permissions for them also.
this is false. without the setuid bit, df works just fine for non-root users (at least under 6.2). the only effect is that the little-used and expensive '-f' option (which forces df to scan the free block list and hence requires access to the device) won't work. there's no good reason to take away execute permission from df, unless your users are likely to be extremely confused by the lack of the '-f' option.

dk
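The distinction drawn in the post above, as an added example that is not part of the original message or the advisory: drop only the setuid/setgid bits from a binary and leave its execute permission alone. The function names and the path you pass in are assumptions; `has_perm` uses `find -perm` so it does not depend on any particular `stat` syntax.

```shell
#!/bin/sh
# Added example (not from the post or from CA-97.21).
# Removes setuid/setgid from a file while keeping its execute bits,
# then reports whether non-root users can still run it.

# has_perm FILE MODE: succeeds if FILE has every bit in octal MODE set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# strip_setid FILE: clear setuid/setgid only; returns 1 on error.
strip_setid() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "skip: $f is not a regular file" >&2
        return 1
    fi
    if has_perm "$f" 4000 || has_perm "$f" 2000; then
        chmod u-s,g-s "$f" || return 1
        echo "stripped setuid/setgid: $f"
    else
        echo "no setuid/setgid bit set: $f"
    fi
    # Execute permission is deliberately left untouched.
    if has_perm "$f" 0001; then
        echo "still executable by non-root users: $f"
    else
        echo "not executable by other users: $f"
    fi
    return 0
}

# Process any paths given on the command line (hypothetical usage:
# ./strip_setid.sh /path/to/binary).
for target in "$@"; do
    strip_setid "$target"
done
```
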