Dependency reciprocity : real world problem with httpd and httpd-suexec
Steve G
linux_4ever at yahoo.com
Tue Sep 7 23:47:35 UTC 2004
>>If you download a package from a 3rd party that has buffer overflows and
>>is setgid, you now have a buggy program with buffer overflows running as root.
>
>Not sure about that - it should certainly not set the setuid bit
You don't need the setuid bit of root to start with. The setgid bit of root is
just enough wiggle room on most systems to compromise the whole thing in a few
steps.
-Steve Grubb
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the fedora-devel-list
mailing list