Re: Linux /usr/bin/gnuplot overflow

From: Marc SCHAEFER (schaeferat_private)
Date: Sat Mar 06 1999 - 00:41:36 PST

Next message: leshka: "Little exploit for startup scripts (SCO 5.0.4p)."

Previous message: Jim Paris: "More Internet Explorer zone confusion"
Maybe in reply to: xnecat_private: "Linux /usr/bin/gnuplot overflow"
Next in thread: Marc Heuse: "Re: Linux /usr/bin/gnuplot overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> /etc/rc.config and set PERMISSION_SECURITY="paranoid". That way gnuplot

warning, warning.

permissions.paranoid is not supported by SuSE --- it was contributed
by me. It only fixes the problems that SuSE 5.0 had. When I have
some time again, I will do the same work with a full install of
SuSE 6.0.

At least without clear information from SuSE that /etc/permissions.paranoid
is uptodate, I would not count on it to be _absolutely_ paranoid.
After all, you are supposed to do your homeworks yourself, too :)

Also, for it to work, it needs a few things, such as an ``xok'' group,
etc, look at the start of that file.

> root@laser:/home/andrea# grep gnuplot /etc/permissions.paranoid
> # WHY ON HELL was gnuplot suid root !!!!!
> /usr/bin/gnuplot                       root.root        755

I remember my very clean statements about this problem :)

The ``reason'', as someone pointed out, is the SVGALib. For me that's
a very bad reason to suid --- by default --- an executable.

Next message: leshka: "Little exploit for startup scripts (SCO 5.0.4p)."
Previous message: Jim Paris: "More Internet Explorer zone confusion"
Maybe in reply to: xnecat_private: "Linux /usr/bin/gnuplot overflow"
Next in thread: Marc Heuse: "Re: Linux /usr/bin/gnuplot overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:10 PDT