[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FW: [cobalt-security] Local Root exploit
- Subject: Re: FW: [cobalt-security] Local Root exploit
- From: "Admin 2be4u Internetdiensten" <admin@xxxxxxxx>
- Date: Mon, 23 Sep 2002 14:00:40 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
K, i seen so much info about the local root exploit that i am more confused
than when i saw that there was a exploit.
Can someone please give a good answer what to do so that still everything
works fine.
Michel
----- Original Message -----
From: "Eugene Crosser" <crosser@xxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, September 23, 2002 1:43 PM
Subject: Re: FW: [cobalt-security] Local Root exploit
> On Mon, 2002-09-23 at 14:33, Michael Stauber wrote:
> > > Turning off suid privileges on /usr/lib/authenticate means apache
won't be
> > > able to authenticate users anymore.
> > > So, you won't be able to access admin console.
> >
> > That's not correct.
> >
> > I have removed the SUID bit on /usr/lib/authenticate on all my RaQs and
and
> > still everything except Frontpage works. I don't use Frontpage, so I'm
still
> > a happy camper.
>
> That admin console still works is apparently a side effect of admserv
> running with root uid. Under "regular" apache you will be unable to use
> PAM authentication because /etc/shadow will become unreadable. E.g. you
> won't be able to access /stats/ directories of individual virtual
> servers.
>
> Eugene
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>