Environment variables (SECURITY: too many new packages)

From: Alan Cox (alanat_private)
Date: Mon Jun 29 1998 - 16:42:10 PDT


    Bugtraq readers who haven't been following the Linux security audit
    project (from whence most of the Red Hat fixes came - and other vendors
    will I assume be issuing identical updates) might like to take a look
    at how their own OS handles pointing the following at files only root
    can read and running setuid apps. (or setgid usage in some cases such as
    Mutt)
            TZ
            TERMINFO
            TERMCAP
    
    There are lots of files which when read do 'interesting' things, and termcap
    in particular is fun because it tends to read the entire floppy/tape/memory
    etc before it gives up.
    
    This raises another related question. Has anyone ever tried to build the
    complete list of environment influenced file opens in not just libc but
    all the supporting libraries in unix systems ?
    
    
    A PS item btw: 2.0.35pre3 fixes the bug reported with SIGIO, and it should
    be out as 2.0.35 proper RSN - 2.0.35pre3 is a release candidate. We hadn't
    planned on a 2.0.35 release quite that soon but such is life.
    
    Alan
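
A defensive counterpart to the point raised in the message, as an added example that is not part of the original post or any vendor's fix: a setuid or setgid program drops path-bearing values of the three variables before any library call can open them. The function names and the "contains a slash" policy are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The variables named in the message above. */
static const char *const file_vars[] = { "TZ", "TERMINFO", "TERMCAP" };

/* True when real and effective ids differ, i.e. the binary is running
 * setuid or setgid (the setgid case covers programs such as Mutt). */
int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Example policy (an assumption, deliberately conservative): any value
 * containing '/' could steer a file open and is treated as a path. */
int names_a_path(const char *value)
{
    return value != NULL && strchr(value, '/') != NULL;
}

/* Unset path-bearing values when privileged.
 * Returns the number of variables removed, or -1 if unsetenv() fails. */
int scrub_file_vars(int privileged)
{
    int removed = 0;

    if (!privileged)
        return 0;               /* caller's own credentials: nothing to gain */
    for (size_t i = 0; i < sizeof file_vars / sizeof file_vars[0]; i++) {
        if (names_a_path(getenv(file_vars[i]))) {
            if (unsetenv(file_vars[i]) != 0)
                return -1;      /* fail closed: caller should exit */
            removed++;
        }
    }
    return removed;
}

int main(void)
{
    /* Scrub first; only afterwards call tzset(), tgetent(), setupterm()... */
    if (scrub_file_vars(running_privileged()) < 0)
        return 1;
    return 0;
}
```

The list covers only the variables named in the message; the complete set of environment-influenced file opens across libc and supporting libraries is the open question the message asks.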
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:01:16 PDT