Re: Verity/Search'97 Security Problems

From: Jay Soffian (jayat_private)
Date: Thu Jul 16 1998 - 14:28:47 PDT

Next message: Jay Soffian: "Re: Verity/Search'97 Security Problems"

Previous message: Security Research Team: "S.A.F.E.R. Security Bulletin 980708.DOS.1.1"
Maybe in reply to: Stefan Arentz: "Verity/Search'97 Security Problems"
Next in thread: Jay Soffian: "Re: Verity/Search'97 Security Problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

+--Jay Soffian <jayat_private> once said:
|
|
|Obviously, you want to either make verity_path_post something less
|obvious than ".orig" or you want to suid the wrapper to some
|unprivledged user and make the ".orig" file executable by only that
|user.
|
|Duh.

Last message, I promise. My brain isn't working today. suid (or sgid)
is a terrible idea. Using something other than '.orig' works, but
that's security by obscurity. Probably, you are best using a <files>
section (or equiv if not Apache) to protect the '.orig' binaries.

j.
--
Jay Soffian <jayat_private>                       UNIX Systems Administrator
404.572.1941                                             Cox Interactive Media

Next message: Jay Soffian: "Re: Verity/Search'97 Security Problems"
Previous message: Security Research Team: "S.A.F.E.R. Security Bulletin 980708.DOS.1.1"
Maybe in reply to: Stefan Arentz: "Verity/Search'97 Security Problems"
Next in thread: Jay Soffian: "Re: Verity/Search'97 Security Problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:19 PDT