Re: PCP exploit: pmpost - another nice symlink follower

pcp

Re: PCP exploit: pmpost - another nice symlink follower

To:	pcp@xxxxxxxxxxx
Subject:	Re: PCP exploit: pmpost - another nice symlink follower
From:	Jan-Frode Myklebust <janfrode@xxxxxxxxxxxxxxx>
Date:	Tue, 19 Jun 2001 09:01:11 +0200
In-reply-to:	<20010619081703.A15425@xxxxxxxxxxxxxxxxxxx>; from lemming@xxxxxxxxxxxxxxxxxxx on Tue, Jun 19, 2001 at 08:17:03AM +0200
Mail-followup-to:	pcp@xxxxxxxxxxx
References:	<20010619081703.A15425@xxxxxxxxxxxxxxxxxxx>
Sender:	owner-pcp@xxxxxxxxxxx

On Tue, Jun 19, 2001 at 08:17:03AM +0200, Michal Kara wrote:
>   I guess this is of a high importance for people on this list... If you don't
> need pmpost suided, just remove the suid bit and it'll be fine.
> 

I just verified this on IRIX (not the opensource
pcp), which also is vulnerable. Could somebody at 
sgi tell us the consequence of removing the suid 
bit here?

  -jf

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
PCP exploit: pmpost - another nice symlink follower, Michal Kara Re: PCP exploit: pmpost - another nice symlink follower, Jan-Frode Myklebust <= Re: PCP exploit: pmpost - another nice symlink follower, Mark Goodwin

Previous by Date:	PCP exploit: pmpost - another nice symlink follower, Michal Kara
Next by Date:	Re: PCP exploit: pmpost - another nice symlink follower, Mark Goodwin
Previous by Thread:	PCP exploit: pmpost - another nice symlink follower, Michal Kara
Next by Thread:	Re: PCP exploit: pmpost - another nice symlink follower, Mark Goodwin
Indexes:	[Date] [Thread] [Top] [All Lists]