On Wed, 1 Jul 1998, Alan Cox wrote: > Bugtraq readers who haven't been following the Linux security audit > project (from whence most of the Red Hat fixes came - and other vendors > will I assume be issuing identical updates) might like to take a look > at how their own OS handles pointing the following at files only root > can read and running setuid apps. (or setgid usage in some cases such as > Mutt) > TZ > TERMINFO > TERMCAP Add LANG, all LC_*, and various LD_* (esp. LD_*_OUTPUT) to the list. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "You can't be truly paranoid unless you're sure they have already got you."
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:01:21 PDT