Re: FW: [cobalt-security] Local Root exploit
- Subject: Re: FW: [cobalt-security] Local Root exploit
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: 23 Sep 2002 15:43:57 +0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Mon, 2002-09-23 at 14:33, Michael Stauber wrote:
> > Turning off suid privileges on /usr/lib/authenticate means apache won't be
> > able to authenticate users anymore.
> > So, you won't be able to access admin console.
>
> That's not correct.
>
> I have removed the SUID bit on /usr/lib/authenticate on all my RaQs and
> still everything except Frontpage works. I don't use Frontpage, so I'm still
> a happy camper.
That the admin console still works is apparently a side effect of admserv
running with root uid. Under "regular" apache you will be unable to use
PAM authentication because /etc/shadow will become unreadable. E.g. you
won't be able to access /stats/ directories of individual virtual
servers.
Eugene
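
The dependency discussed in this thread, as an added example that is not part of the original messages: a shell check, run as the web server's user, that reports whether password authentication can reach the shadow file directly (a root-run server, as described for admserv), only through a setuid-root helper, or not at all. The paths are the ones named in the thread; the function names and result labels are illustrative assumptions.

```shell
#!/bin/sh
# Added example. Paths come from the thread; function names are hypothetical.
HELPER=${HELPER:-/usr/lib/authenticate}
SHADOW=${SHADOW:-/etc/shadow}

# Numeric owner uid of a file (empty output if the file does not exist).
owner_uid() {
    ls -ldn "$1" 2>/dev/null | awk '{print $3}'
}

# True if the file carries the setuid bit.
has_suid_bit() {
    [ -u "$1" ]
}

# True if the file is setuid and owned by uid 0, so it runs as root for any caller.
is_suid_root() {
    has_suid_bit "$1" && [ "$(owner_uid "$1")" = "0" ]
}

# classify CAN_READ_SHADOW HELPER_SUID_ROOT   (each argument is "yes" or "no")
#   direct: the process reads the shadow file itself (server running as root)
#   helper: it cannot, but a setuid-root helper can do so on its behalf
#   broken: neither, so shadow-based password checks fail for this user
classify() {
    if [ "$1" = "yes" ]; then
        echo "direct"
    elif [ "$2" = "yes" ]; then
        echo "helper"
    else
        echo "broken"
    fi
}

# Probe the current process and print a one-line report.
check_auth_path() {
    can_read=no
    suid_root=no
    if [ -r "$SHADOW" ]; then can_read=yes; fi
    if is_suid_root "$HELPER"; then suid_root=yes; fi
    echo "uid=$(id -u) shadow_readable=$can_read helper_suid_root=$suid_root result=$(classify "$can_read" "$suid_root")"
}

check_auth_path
```

Running it once as root and once as the unprivileged web server user, before and after changing the helper's mode, shows which services depend on the setuid bit.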