Re: BSD coredumps follow symlinks

From: Ronny Cook (ronnyat_private)
Date: Sun Apr 05 1998 - 18:16:04 PDT


    > lpr will dump core if there is no symlink there. Maybe you failed to
    > install the patch correctly?
    
    If I recall rightly, the first patch disabled the most obvious attacks, but
    allowed a core dump for a setuid program across a symbolic link *if* the file
    existed and had 600 permissions (and was owned by the appropriate user).
    
    Unfortunately, certain sensitive files (such as /etc/master.passwd) fit
    these conditions. Thus the later patch under 3.0, which disabled *any*
    core dump across a symbolic link for *any* setuid program.
    
    Nir's test was only for a nonexistent file, which the earlier patch handles
    correctly. Unfortunately, in doing so it opens the other security hole
    which was later patched under 3.0.
    
                    ...Ronny
    --
     Ronald Cook, Technical Manager - Message Handling Systems/The Message eXchange
     Email: ronnyat_private ----- Phone: +61-2-9550-4448 ---- Fax: +61-2-9519-2551
    
    All opinions are my own and not those of TMX unless explicitly stated otherwise.
    


