Re: FW: [cobalt-security] Local Root exploit
- Subject: Re: FW: [cobalt-security] Local Root exploit
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Mon, 23 Sep 2002 13:57:57 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Rene,
> Excuse-me sir, I reformulate:
> turning off suid privileges prevents users from being authenticated
> outside admin console.
>
> So how did you test it?
> Did you really test it?
Geeee ... no, I exclusively post only half cooked and untested ideas to
mailing lists. ;o)
Seriously: I tested it the usual way: "chmod 755 /usr/lib/authenticate" the
first minute I saw the report on bugtraq. I then tested the admin interface
and a htaccess protected web folder on that server and they still worked
fine.
I then implemented the fix on all my RaQs and even though some of the boxes
host up to 75 domains of various customers there have been no complaints yet -
in two or three weeks? Around that figure.
So for all *my* usual purposes and that of my webhosting customers nothing is
broken. As said: Nobody around here uses Frontpage and if they did then I'd
say: "Not my problem - this ain't a Mickeysoft server!"
Anyway, what's the problem? You can always go back by setting the SUID bit on
/usr/lib/authenticate if the fix doesn't work for you <shrug>.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer
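
The workaround discussed above (drop the SUID bit, test, put it back if something breaks) can be scripted so the original mode is recorded before the change. This is an added example, not part of the original post: the function names and the STATE_DIR location are hypothetical, GNU stat is assumed, and it uses `chmod u-s` rather than the post's `chmod 755` so that only the setuid bit changes.

```shell
#!/bin/sh
# Added example: remove the setuid bit from a binary, remember the
# original mode, and allow a rollback. STATE_DIR is a hypothetical path.
STATE_DIR="${STATE_DIR:-/var/tmp/suid-rollback}"

# Octal mode of a file, e.g. 4755 (GNU stat, as found on Linux).
mode_of() { stat -c '%a' "$1"; }

# True if the setuid bit is set on the file.
has_suid() { [ -u "$1" ]; }

# Where the original mode of a given path is recorded.
state_file() {
    printf '%s/%s.mode' "$STATE_DIR" "$(printf '%s' "$1" | tr '/' '_')"
}

# Strip the setuid bit, saving the original mode first.
drop_suid() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 2; }
    has_suid "$f" || { echo "$f: no setuid bit, nothing to do" >&2; return 0; }
    mkdir -p "$STATE_DIR" || return 1
    sf=$(state_file "$f")
    # Never overwrite an existing record: it holds the true original mode.
    [ -e "$sf" ] || mode_of "$f" > "$sf" || return 1
    chmod u-s "$f" || return 1
    # Verify instead of trusting chmod's exit status alone.
    if has_suid "$f"; then
        echo "$f: setuid bit still present" >&2
        return 1
    fi
    echo "$f: $(cat "$sf") -> $(mode_of "$f")"
}

# Put the recorded mode back if the change broke something.
restore_suid() {
    f=$1
    sf=$(state_file "$f")
    [ -r "$sf" ] || { echo "no saved mode for $f" >&2; return 1; }
    chmod "$(cat "$sf")" "$f" && rm -f "$sf"
}
```

After sourcing the file, `drop_suid /usr/lib/authenticate` applies the change and `restore_suid /usr/lib/authenticate` reverts it; both need root on a real system.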