On Mon, 18 Jun 2001 19:11:20 +0200,
Paul Starzetz <[EMAIL PROTECTED]> wrote:
>there is a symlink handling problem in the pcp suite from SGI. The
>binary pmpost will follow symlinks, if setuid root this leads to instant
>root compromise, as found on SuSE 7.1 (I doubt that this is a default SuSE
>package, though).

It would have been nice if you had informed SGI about this problem
before mailing to bugtraq.

As a temporary workaround, remove setuid from pmpost. Any PCP events
from pmie running as a user will not be logged; this is unlikely to be
a problem. A full patch will be available tomorrow, after it has been
reviewed.
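The bug class in this message is a privileged program opening a path that an unprivileged user can replace with a symlink. One common way to close it is to refuse symlinks when the file is opened and then check the object that was actually opened. The following C code is an added example, not SGI's patch and not pmpost's source; the function names and the temporary paths are hypothetical and constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a log for append from a privileged program, refusing a symlink at the
 * final path component (O_NOFOLLOW does not cover earlier components, so the
 * directory itself must not be writable by untrusted users). */
int open_log_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_NONBLOCK, 0644);
    if (fd < 0)
        return -1;                       /* errno is ELOOP for a symlink */
    /* Verify the object actually opened: regular file with a single link. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed demo in a temp dir: 1 if a symlinked log path is refused and a
 * regular file at the same path is accepted, -1 on setup failure. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", target[64], logp[64];
    int fd, refused, accepted;
    if (!mkdtemp(dir))
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(logp, sizeof logp, "%s/events.log", dir);
    close(open(target, O_WRONLY | O_CREAT, 0600));   /* stand-in sensitive file */
    if (symlink(target, logp) != 0)
        return -1;
    fd = open_log_nofollow(logp);
    refused = (fd < 0 && errno == ELOOP);
    unlink(logp);
    fd = open_log_nofollow(logp);                    /* creates a regular file */
    accepted = (fd >= 0);
    if (fd >= 0) close(fd);
    unlink(logp); unlink(target); rmdir(dir);
    return refused && accepted;
}

int main(void) { printf("demo result: %d\n", demo_symlink_refused()); return 0; }
```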