In <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Alexander L. Belikoff) 
writes:

> So?! Just make all SUID binaries mode 4750 belonging to some
> designated group (suid) and make only _trusted_ users members of that
> group. Of course, the untrusted guys will have problems changing
> passwords / running a mail queue on their own, but that is not such a
> big deal as having someone playing with a most recent root shell
> exploit.

What about setgid programs?

Assuming you count them as well, your blanket suggestion also makes
it impossible to do lots of other things beside ``changing passwords / 
running a mail queue''.

And it doesn't deal with security holes that don't stem from setuid
applications.
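An inventory of what the proposed 4750-plus-group policy would and would not cover on a given tree, as an added example that is not part of the original thread. The function names, the trusted_gid parameter and the verdict labels are assumptions made for illustration.

```python
import os
import stat
import sys

def classify(mode, gid, trusted_gid):
    """Judge one file's st_mode/st_gid against the 4750 + designated-group policy.

    Returns None for files that are neither setuid nor setgid.
    Verdict labels are hypothetical names chosen for this example.
    """
    if not stat.S_ISREG(mode):
        return None                      # setgid on a directory means something else
    suid = bool(mode & stat.S_ISUID)
    sgid = bool(mode & stat.S_ISGID)
    if not (suid or sgid):
        return None
    perms = stat.S_IMODE(mode)
    if suid and perms == 0o4750 and gid == trusted_gid:
        return "conforms"
    if sgid and not suid:
        # A setgid program runs with the file's own group, so re-grouping it
        # to the designated group would change the privilege it grants.
        return "setgid-not-covered"
    if perms & stat.S_IXOTH:
        return "world-executable"
    return "nonconforming"

def scan(root, trusted_gid):
    """Walk root and return sorted (verdict, octal mode, path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)      # lstat: do not follow symlinks
            except OSError:
                continue                 # unreadable or vanished entry
            verdict = classify(st.st_mode, st.st_gid, trusted_gid)
            if verdict:
                findings.append((verdict, oct(stat.S_IMODE(st.st_mode)), path))
    return sorted(findings)

if __name__ == "__main__":
    # usage: script.py <root directory> <numeric gid of the designated group>
    for verdict, perms, path in scan(sys.argv[1], int(sys.argv[2])):
        print(f"{verdict:20} {perms:>7} {path}")
```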

