[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FW: [cobalt-security] Local Root exploit
- Subject: Re: FW: [cobalt-security] Local Root exploit
- From: Rene Luria <operator@xxxxxxxxxxxxx>
- Date: Mon, 23 Sep 2002 13:21:13 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Excuse-me sir, I reformulate:
turning off suid privileges prevent users from beeing authenticated
outsite admin console.
So how did you test it?
Because, as I see, you can still access admin ui, ok.
But what about pages on a normal website?
Did you really test it?
Michael Stauber wrote:
|>Turning off suid privileges on /usr/lib/authenticate means apache won't be
|>able to authenticate users anymore.
|>So, you won't be able to access admin console.
|
|
| That's not correct.
|
| I have removed the SUID bit on /usr/lib/authenticate on all my RaQs
and and
| still everything except Frontpage works. I don't use Frontpage, so I'm
still
| a happy camper.
|
- --
Rene Luria <operator@xxxxxxxxxxxxx>
Unix Administrator - Infomaniak Network SA
PGP key DFE5C340 at keyserver.pgp.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE9jvkpJ1jvMN/lw0ARArBYAKCdakIlRIpE2KXpncANP0MhxKDMXwCfZzgU
XtX7HO3FCPblnQ084+B4nJ0=
=RYMG
-----END PGP SIGNATURE-----