Re: Permission policy

2000-03-17 Thread Wichert Akkerman
Previously Ruud de Rooij wrote: > (of course, this attack can be prevented using mount options to > disable setgid executables on all filesystems where users have write > access) In which case they just keep a filehandle open and use that later on. You could also simply start a screen session whil

Re: Permission policy

2000-03-16 Thread Herbert Xu
Ruud de Rooij <[EMAIL PROTECTED]> wrote: > > (of course, this attack can be prevented using mount options to > disable setgid executables on all filesystems where users have write > access) But the user can still leave a process running with the privileges after he logs out. Now whenever he logs

Re: Permission policy

2000-03-16 Thread Michael Stone
On Thu, Mar 16, 2000 at 09:39:41PM +0100, Marco d'Itri wrote: > On Mar 16, Michael Stone <[EMAIL PROTECTED]> wrote: > >Which is a waste of effort if the user can create a sgid shell. > Do you really mount user-writeable directories without the "nosuid" > option? 1. Depends on the environment. Unf

Re: Permission policy

2000-03-16 Thread Marco d'Itri
On Mar 16, Michael Stone <[EMAIL PROTECTED]> wrote: >Which is a waste of effort if the user can create a sgid shell. Do you really mount user-writeable directories without the "nosuid" option? -- ciao, Marco

Re: Permission policy

2000-03-16 Thread Ruud de Rooij
Radovan Garabik <[EMAIL PROTECTED]> writes: > On Thu, Mar 16, 2000 at 01:43:22AM +0100, Bernd Eckenfels wrote: > > BTW: there is an idea for setting groups for console access to devices > > like cdrom, floppy, sound, mic, cam... so each user who logs into the > > console will get added to that group

Re: Permission policy

2000-03-16 Thread Radovan Garabik
On Thu, Mar 16, 2000 at 01:43:22AM +0100, Bernd Eckenfels wrote: > On Wed, Mar 15, 2000 at 01:12:49PM +0100, Volker Ossenkopf wrote: ... > > BTW: there is an idea for setting groups for console access to devices > like cdrom, floppy, sound, mic, cam... so each user who logs into the > console will

Re: Permission policy

2000-03-16 Thread Michael Stone
On Thu, Mar 16, 2000 at 01:43:22AM +0100, Bernd Eckenfels wrote: > BTW: there is an idea for setting groups for console access to devices > like cdrom, floppy, sound, mic, cam... so each user who logs into the > console will get added to that groups, then your program does not need to be Which is a

Re: Permission policy

2000-03-16 Thread Bernd Eckenfels
On Wed, Mar 15, 2000 at 01:12:49PM +0100, Volker Ossenkopf wrote: > I need some advice to solve a recent bug report regarding a > frozen package. You could make it suid to a user who has 2 additional groups. In that case the program should reset its uid after the devices are open (same would be t

Re: Permission policy

2000-03-15 Thread Martin Waitz
hi, > The program needs rx-permissions for a device belonging to the > cdrom group and rw-permissions for a device belonging to the > audio group. > > Any ideas? users using your program and thus being able to access the sound / cdrom hardware should be in the cdrom+audio group for themself its

Permission policy

2000-03-15 Thread Volker Ossenkopf
I need some advice to solve a recent bug report regarding a frozen package. The program needs rx-permissions for a device belonging to the cdrom group and rw-permissions for a device belonging to the audio group. Until now the program is sgid cdrom to work correctly with the cdrom-device without