[cobalt-users] suid perl - 2 month old hazard
- Subject: [cobalt-users] suid perl - 2 month old hazard
- From: Barbara - <thebizworkers@xxxxxxxxx>
- Date: Wed Nov 14 01:34:39 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>Why would you remove the compilers?
To avoid the possibility of Trojan horses and other
various exploits running wild. An example could be our
current topic. Without gcc and make on the system the
exploit is pretty much null and void. The author notes
in the code that both are needed to piece it all
together and make it work.
>How do you compile code without one?
:-) Well I don't on my production servers. When I
first set up a machine, I set up all the standard toys
like Portsentry, Logcheck, Counter programs, etc. Then
I remove a bunch of RPMs (many, many RPMs),
including all the compilers. Then I make a dozen or so
other security tweaks, add the firewall, mix well,
then serve up to the chil-den for din-din. :-)
>[root@fsn2 /root]# ls -la /usr/bin/suidperl
>-rwx--x--x 2 root root 517916 Apr 6 1999 /usr/bin/suidperl
>It's not set on my RaQ3
Arghhh... I was afraid it was going to be NeoMail.
Well I just disabled it on my boxes and reset
permissions on suidperl back to -rwx--x--x. I'll have
to think about how to proceed more tomorrow. I'm tired
and the last thing I want tonight is to be worrying
about some new security problem. Just better to kill
the problem child and come back and play some more
later. :-)
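The two hardening steps discussed in this message (no compilers on a production box, no setuid bit on suidperl) can be verified with a small audit script. This is an added example, not part of the original post; the function names are hypothetical, and the file path and directory list are whatever the administrator passes in.

```shell
#!/bin/sh
# Added example: audit helpers for the two measures in the post.
# Function names are assumptions made for this illustration.
# Usage: audit_host /usr/bin/suidperl "/usr/bin:/bin:/usr/local/bin"

# Print "setuid", "clean" (exists, no setuid bit) or "missing".
suid_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then
        echo setuid
    else
        echo clean
    fi
}

# Print the build tools still executable in a colon-separated directory list.
# Usage: build_tools_present "/usr/bin:/bin" gcc cc make
build_tools_present() {
    dirs=$1; shift
    found=""
    for tool in "$@"; do
        old_ifs=$IFS; IFS=:
        for d in $dirs; do
            if [ -f "$d/$tool" ] && [ -x "$d/$tool" ]; then
                found="$found $d/$tool"
                break
            fi
        done
        IFS=$old_ifs
    done
    echo "${found# }"
}

# Return 0 when the file is not setuid and no build tool is found, else 1.
audit_host() {
    rc=0
    state=$(suid_state "$1")
    if [ "$state" = setuid ]; then echo "FAIL: $1 is setuid"; rc=1; fi
    tools=$(build_tools_present "$2" gcc cc make)
    if [ -n "$tools" ]; then echo "FAIL: build tools present: $tools"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK: $1 is $state, no build tools in $2"; fi
    return $rc
}
```

Run it from cron or after package updates, since reinstalling an RPM can restore both the compilers and the original file mode.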