Re: [cobalt-users] suid perl - 2 month old hazard
- Subject: Re: [cobalt-users] suid perl - 2 month old hazard
- From: flash22@xxxxxxx
- Date: Thu Nov 15 05:15:58 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Wed, 14 Nov 2001, Rusty Wilson wrote:
>
> --- flash22@xxxxxxx wrote:
> >
> > As an aside, the Raq2 I looked at does have neomail on it, I
> > am playing with it without +s to see if it really needs it set, I
> > suspect it doesn't, not sure yet tho...
> >
> > gsh
> Hi all,
>
> I posted a question that may have gotten lost in a tangent
> conversation. Please forgive the repost but I am very interested in
> hearing what anyone has to offer.
>
> I am running Neomail on one of my RaQ 4i servers, and sure enough the s
> bit is set (it's not set on any of my other plain vanilla RaQs).
>
> QUESTION:
> Is there anything I can do that protects me from the exploit, AND
> allows me to keep Neomail running?
I dunno, other than a private copy of a newer perl, but see if it actually
needs +s. I have been playing with neomail on the Raq2, and as far as I can
tell, it doesn't need perl suid at all; I can read new messages, delete
old ones from private folders, send new mail, it seems perfectly happy...
Of course, that doesn't mean the raq4 version will be, depends how the cgi's
are wrapped for the server... but this is the whole point of cgi-wrap...
You can always put the +s back if you find you need it ;)
gsh
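
The approach in the reply above (drop +s from perl, test the webmail, put the bit back if it turns out to be needed), as an added example that is not part of the original post. The search directory and state-file path are supplied by the caller, and the `sperl*`/`suidperl*` name patterns are the conventional names for setuid perl, assumed here rather than taken from the thread.

```shell
#!/bin/sh
# Added example: reversible removal of the setuid bit from perl binaries.
# Assumptions: DIR and STATE are chosen by the admin; STATE should live in a
# root-only directory, since restore trusts the paths recorded in it.

# List setuid regular files under DIR whose name looks like a perl interpreter.
find_suid_perl() {
    find "$1" -xdev -type f -perm -4000 \
        \( -name 'perl*' -o -name 'sperl*' -o -name 'suidperl*' \) \
        2>/dev/null | sort
}

# Strip setuid from each match and record the path in STATE for rollback.
strip_suid_perl() {
    dir=$1
    state=$2
    find_suid_perl "$dir" | while IFS= read -r f; do
        if chmod u-s "$f"; then
            printf '%s\n' "$f" >> "$state"
        fi
    done
}

# Put the bit back on every path recorded in STATE, then remove the record.
restore_suid_perl() {
    state=$1
    if [ ! -f "$state" ]; then
        return 0
    fi
    while IFS= read -r f; do
        if [ -f "$f" ]; then
            chmod u+s "$f"
        fi
    done < "$state"
    rm -f "$state"
}
```

Run `strip_suid_perl` against the directory holding the perl binaries, exercise the webmail (read, delete, send), and call `restore_suid_perl` with the same state file only if something breaks.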