On Sat, Sep 08, 2001 at 17:43:04 -0700, Kris Kennaway wrote:
> On Sat, Sep 08, 2001 at 05:02:57PM -0700, Kris Kennaway wrote:
> > Looks like setting the schg flag is the only feasible containment
> > solution for now.
> Here's a proposed fix. It just disallows anyone other than root from
> specifying an alternate configuration file, for the setuid utilities
> (which was the cause of the vulnerability here, AFAIK).
What are you trying to fix this way? It breaks normal users dialing to their
systems; they always specify their own files. Consider uu* as user-level
utilities. The only point of restriction is to restrict their access to
dialing devices, not to the utilities.
Andrey A. Chernov