
Re: FW: [cobalt-security] Local Root exploit



On Mon, 2002-09-23 at 14:33, Michael Stauber wrote:
> > Turning off suid privileges on /usr/lib/authenticate means apache won't be
> > able to authenticate users anymore.
> > So, you won't be able to access admin console.
> 
> That's not correct. 
> 
> I have removed the SUID bit on /usr/lib/authenticate on all my RaQs and
> still everything except Frontpage works. I don't use Frontpage, so I'm still 
> a happy camper.

That admin console still works is apparently a side effect of admserv
running with root uid.  Under "regular" apache you will be unable to use
PAM authentication because /etc/shadow will become unreadable.  E.g. you
won't be able to access /stats/ directories of individual virtual
servers.

Eugene