On Mon, Sep 24, 2001 at 09:01:21PM +0100, Philip Rowlands wrote:
> On Mon, 24 Sep 2001, Statux wrote:
>
> >Watch what you SUID root. You don't need to SUID traceroute since it
> >doesn't require root permissions,
> Not true; try "cp /usr/sbin/traceroute .; ./traceroute mit.edu" as an
> unpriviledged user.
>
> >Doesn't matter anyway since you shouldn't allow this kind of access to
> >regular users.
> This is for me only, on my laptop. Other users aren't an issue.
Another user can log in from the internet and
then use your SUID tcpdump to become root, etc.
It can happen if you connect to a network or the internet
and you aren't protected by a good firewall.
Jan Carlson janc at kubwa dot com
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
