-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Content-Type: text/plain; charset=us-ascii

On Mon, 18 Jun 2001 19:11:20 +0200,
Paul Starzetz <paulat_private> wrote:
>there is a symlink handling problem in the pcp suite from SGI. The
>binary pmpost will follow symlinks, if setuid root this leads to instant
>root compromise, as found on SuSE 7.1 (I doubt that this is a default SuSE
>package, though).

It would have been nice if you had informed SGI about this problem
before mailing to bugtraq.

As a temporary workaround, remove setuid from pmpost. Any PCP events
from pmie running as a user will not be logged; this is unlikely to be
a problem. A full patch will be available tomorrow, after it has been
reviewed.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: Exmh version 2.1.1 10/15/1999

iD8DBQE7Lw1zi4UHNye0ZOoRAkuiAKCPcvq+v50TVJ1yvoHTv7bvrqaKEACg1L12
cpMAlQsuJjV90ZJ6tXF1PUU=
=YBPa
-----END PGP SIGNATURE-----
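The bug class discussed in this message, a privileged program appending to a log path that a symlink can redirect, is usually closed by refusing symlinks at open time and checking the opened descriptor. The following is an added example, not part of the original message and not PCP or SGI code; `append_log_nofollow`, `demo` and the temporary paths are hypothetical names constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not PCP code): 0 on success, -1 if refused or failed. */
int append_log_nofollow(const char *path, const char *msg)
{
    struct stat st;
    /* O_NOFOLLOW: open fails if the final path component is a symlink.
     * O_NONBLOCK: do not hang if a FIFO was planted at the path. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_NONBLOCK, 0644);
    if (fd < 0) return -1;
    /* Inspect the object actually opened (fstat on the fd, so no race):
     * it must be a regular file with one name, which rejects hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    size_t len = strlen(msg);
    ssize_t n = write(fd, msg, len);
    close(fd);
    return (n == (ssize_t)len) ? 0 : -1;
}

/* Constructed scenario: the log name is a symlink to another file.
 * Returns 1 if the target stays untouched and normal logging works. */
int demo(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    char victim[256], lnk[256], logp[256];
    struct stat st;
    if (!mkdtemp(dir)) return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/NOTICES", dir);
    snprintf(logp, sizeof logp, "%s/real.log", dir);
    close(open(victim, O_WRONLY | O_CREAT, 0600));      /* empty target file */
    if (symlink(victim, lnk) != 0) return 0;
    int ok = append_log_nofollow(lnk, "event\n") == -1  /* symlink refused */
          && stat(victim, &st) == 0 && st.st_size == 0  /* target untouched */
          && append_log_nofollow(logp, "event\n") == 0; /* plain file works */
    unlink(lnk); unlink(victim); unlink(logp); rmdir(dir);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

`O_NOFOLLOW` only covers the last path component, so the log directory itself must not be writable by unprivileged users.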