On Thu, Jan 11, 2001 at 01:42:52AM +0200, Ari Saastamoinen wrote:
> On Wed, 10 Jan 2001, Pedro Margate wrote:
>
> > install the ssh binary as suid root by default. This can be disabled
> > during configuration or after the fact with chmod. I believe that would
>
> That exploit can use any suid root program which resolves host names. (For
> example ping and traceroute) So you cannot fix that glibc exploit only by
> unsetting SUID bit of ssh client.
Or more properly, an suid root program which resolves host names _while still
holding root privileges_. ping from netkit and traceroute from LBNL do not
fall into this category. fping from SATAN, however, does.
--
- mdz
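The ordering the reply above turns on, shown as an added example (not code from the thread, netkit, LBNL traceroute or fping): a ping-style set-uid root tool opens its raw socket, drops root for good, and only then calls the resolver. The function names `drop_privileges` and `resolve_unprivileged` are hypothetical, and the sketch assumes a POSIX system with IPv4.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* getaddrinfo() under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Permanently give up set-uid/set-gid privileges. Returns 0 on success. */
int drop_privileges(void) {
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;  /* group first */
    if (uid != 0 && setuid(0) == 0) return -1;   /* root must not come back */
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Resolve an IPv4 host, refusing to enter the resolver while elevated. */
int resolve_unprivileged(const char *host, struct sockaddr_in *out) {
    struct addrinfo hints, *res = NULL;
    if (geteuid() != getuid() || getegid() != getgid()) return -1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    if (getaddrinfo(host, NULL, &hints, &res) != 0 || res == NULL) return -1;
    memcpy(out, res->ai_addr, sizeof *out);
    freeaddrinfo(res);
    return 0;
}

int main(int argc, char **argv) {
    struct sockaddr_in dst;
    /* 1. The only step that needs root: the raw ICMP socket. */
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    /* 2. Drop root before any user-supplied name reaches the resolver. */
    if (drop_privileges() != 0) { fprintf(stderr, "cannot drop privileges\n"); return 1; }
    if (fd < 0) { perror("socket"); return 1; }
    /* 3. Resolver code now runs with the caller's own privileges. */
    if (argc < 2 || resolve_unprivileged(argv[1], &dst) != 0) {
        fprintf(stderr, "cannot resolve host\n");
        return 1;
    }
    printf("resolved %s\n", argv[1]);
    close(fd);
    return 0;
}
```
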