List: kde-core-devel
Subject: Re: We just appeared on BUGTRAQ
From: Waldo Bastian <bastian () kde ! org>
Date: 2000-05-29 0:20:52
On Sun, 28 May 2000, Daniel Naber wrote:
> On Mon, 29 Mai 2000, Geert Jansen wrote:
> > Anyway, it is fixed now. It might be a good idea to give kdesud (and
> > the other suid/sgid programs) a security audit before KDE2.0..
>
> Can you make a list of these programs? I wouldn't even know what
> programs to audit now...
>
> Regards
> Daniel

All programs that install with a suid or sgid bit.
According to grep "chmod" those are:

* kdebase/kdesu/kdesud
* kdebase/konsole/konsole_grantpty
* kdenetwork/kppp

kscd might be a good candidate as well, since it does a chmod 0777 on some
stuff.

Note that sometimes a distribution decides to install a program with the sgid bit
(e.g. kscd on SuSE) while KDE itself does not. I guess it is the
responsibility of the distribution to check those programs itself.

Cheers,
Waldo
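
An added example, not part of the original message or of KDE's code: grepping the build files for "chmod" only finds bits the source tree sets, so this sketch audits an installed tree instead and marks any suid/sgid or world-writable file that is not on the list given in the message. The demo tree, its file modes, and the names `distro_helper`, `scratch.dat` and `plainprog` are constructed for illustration.

```python
import os
import stat
import tempfile

# Basenames the message lists as installing with a suid or sgid bit.
EXPECTED = {"kdesud", "konsole_grantpty", "kppp"}

def flags_for(mode):
    """Return the audit-relevant permission flags set in an st_mode value."""
    flags = []
    if mode & stat.S_ISUID:
        flags.append("suid")
    if mode & stat.S_ISGID:
        flags.append("sgid")
    if mode & stat.S_IWOTH:
        flags.append("world-writable")
    return flags

def audit(prefix, expected=EXPECTED):
    """Walk an installed tree; return sorted (relpath, flags, on_list) tuples."""
    findings = []
    for root, _dirs, files in os.walk(prefix):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: report the file itself, not a symlink target
            if not stat.S_ISREG(st.st_mode):
                continue
            flags = flags_for(st.st_mode)
            if flags:
                findings.append((os.path.relpath(path, prefix), flags, name in expected))
    return sorted(findings)

def demo():
    """Audit a constructed install tree (modes here are sample values)."""
    with tempfile.TemporaryDirectory() as prefix:
        bindir = os.path.join(prefix, "bin")
        os.mkdir(bindir)
        for name, mode in [("kdesud", 0o4755),         # on the list
                           ("distro_helper", 0o4755),  # bit added at packaging time
                           ("scratch.dat", 0o777),     # result of a chmod 0777
                           ("plainprog", 0o755)]:      # nothing to report
            path = os.path.join(bindir, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit(prefix)

if __name__ == "__main__":
    for rel, flags, on_list in demo():
        print(f"{rel}: {','.join(flags)} ({'on list' if on_list else 'NOT on list'})")
```

Entries reported as not on the list are the ones a source-level grep would miss, such as a bit a distribution sets at packaging time.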