[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Re: suid perl - 2 month old hazard

Subject: [cobalt-users] Re: suid perl - 2 month old hazard
From: "Render-Vue" <sales@xxxxxxxxxxxxxx>
Date: Thu Nov 15 22:48:06 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi Yah,

I've just checked my version of suidperl...

> ls -la /usr/bin/suidperl
-rws--x--x   2 root     root       517916 Apr  6  1999 /usr/bin/suidperl

I also have neomail installed. Now can someone please clarify (pacify me
really - window$ user) if this is an issue or not. I've read Jeff's post...

>>For this exploit to work, you need to have /usr/bin/suidperl setuid.  We
do not ship suidperl setuid.  We do ship the binary, but purposely
removed the suid bit on the program because it was not needed.  This
exploit will not work unless you have changed permissions on the
suidperl binary.<<

So is suidperl okay as is even though it looks like Neomail changed it?
Do I have to disable Neomail and change permission of suidperl?

Can I carry on as a happy camper and keep the troops happy with their
Neomail service.

Regards from Auckland

Chae

Follow-Ups:
- Re: [cobalt-users] Re: suid perl - 2 month old hazard
  - From: flash22

Prev by Date: RE: [cobalt-users] Is a firewall necessary with a RaQ?
Next by Date: RE: [cobalt-users] Manually installing a package
Previous by thread: RE: [cobalt-users] suid perl - 2 month old hazard - NEW NEOMAIL UPDATE
Next by thread: Re: [cobalt-users] Re: suid perl - 2 month old hazard

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index