[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] [SECURITY WARNING] All Neomail users

Michael, I understand your concern, but please be aware that any local user
is able to get root permissions if you leave suidperl suid. Please see:

http://www.securityfocus.com/archive/1/74168

With regards,

Taco Scargo

Professional Services Manager, EMEA

Sun Microsystems   Tel.  +31 (71) 565 7021
Sun Cobalt Server Appliances  taco.scargo@xxxxxxx
-
----- Original Message -----
From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, November 16, 2001 10:46 PM
Subject: Re: [cobalt-security] [SECURITY WARNING] All Neomail users


> Hi Taco,
>
> I've installed Neomail 1.25-4 over 1.25-3 and I wonder about the following
> changes to my filesystem (Output generated from FCheck, which is a
Tripwire
> replacement):
>
> PROGRESS: validating integrity of /usr/
> STATUS:
> WARNING: [admin.smd.net] /usr/bin/sperl5.00503
> [Permissions: -rws--x--x - -rwx--x--x, Times: Sep 13 16:04 2001 - Nov
> 15 09:12 2001]
>
> WARNING: [admin.smd.net] /usr/bin/suidperl
> [Permissions: -rws--x--x - -rwx--x--x, Times: Sep 13 16:04 2001 - Nov
> 15 09:12 2001]
>
> Why does your Neomail PKG need to mess around with the SUID-bit of
suidperl?
> That's actually not that nice I'd say, as it (in my case) has the tendency
to
> break some custom stuff I've got on my machine.
>
> --
>
> Mit freundlichen Grüßen / With best regards
>
> Michael Stauber
>
> Stauber Multimedia Design ____ Phone: +49-6081-946240
> Eppsteiner Weg 9 ___ D-61267 Neu-Anspach ___ Germany
> SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>