Re: [RHSA-2001:078-05] Format string bug fixed

From: Petri Kaukasoina (kaukasoiat_private)
Date: Mon Jun 25 2001 - 22:26:44 PDT

    On Fri, Jun 22, 2001 at 02:02:23PM -0700, helmut g. katzgraber wrote:
    > has the rpm offered on the lprng site also the same problems as the redhat
    > one (advisory RHSA-2001:077-05)?
    
    According to the redhat advisory, the problem is:
    
    "LPRng fails to drop supplemental group membership at init time, though it
    does properly setuid and setgid. The result is that LPRng, and its children,
    maintain any supplemental groups that the process starting LPRng had at the
    time it started LPRng. This is a security risk."
    
    root is the only one that can start lpd in the first place. So I guess in
    redhat root belongs to some supplemental groups. If this is the case, I
    would just remove root from all the supplemental groups in /etc/groups.
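
Added example, not part of the original message and not LPRng's own code: a C privilege-drop routine for the issue the quoted advisory describes, clearing supplemental groups with setgroups() before setgid() and setuid(), then verifying what the process still holds. The function names and the uid/gid value 4 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Count entries in a group list that are not the intended primary gid.
 * Anything counted here is a supplemental group the daemon still holds. */
int count_extra_groups(const gid_t *list, int n, gid_t primary)
{
    int extra = 0;
    for (int i = 0; i < n; i++)
        if (list[i] != primary)
            extra++;
    return extra;
}

/* Drop from root to uid/gid. Order matters: setgroups() and setgid() need
 * privilege, so both must run before setuid(). Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0)   /* the step the advisory says was missing */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Verify the resulting state instead of trusting return codes alone. */
    int n = getgroups(0, NULL);
    if (n < 0)
        return -1;
    gid_t *list = calloc(n > 0 ? (size_t)n : 1, sizeof *list);
    if (list == NULL)
        return -1;
    n = getgroups(n, list);
    int extra = (n < 0) ? -1 : count_extra_groups(list, n, gid);
    free(list);
    if (extra != 0 || getuid() != uid || geteuid() != uid)
        return -1;
    return (getgid() == gid && getegid() == gid) ? 0 : -1;
}

int main(void)
{
    /* 4/4 are constructed sample ids, not LPRng's configured user or group */
    if (drop_privileges(4, 4) != 0) {
        fprintf(stderr, "privilege drop failed or left extra groups\n");
        return 1;
    }
    puts("privileges dropped, no supplemental groups left");
    return 0;
}
```

Started by an unprivileged user, the program reports failure, because setgroups() requires privilege.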
    


