----- Forwarded message from Oystein Viggen <[EMAIL PROTECTED]> ----- > From: Oystein Viggen <[EMAIL PROTECTED]> > Reply-To: Oystein Viggen <[EMAIL PROTECTED]> > User-Agent: Gnus/5.0807 (Gnus v5.8.7) XEmacs/21.1 (Arches) > Date: Tue, 15 Aug 2000 12:56:35 +0200 > To: [EMAIL PROTECTED] > Subject: Trustix security advisory - apache-ssl > > Hi > > Due to a typo in the rpm spec file for apache-ssl, /usr/sbin/httpsd on a > Trustix system will be installed with mode 756 instead of 755, making a > binary file that will be run by root world writable. It should not be > necessary to explain why this is an extremely bad thing. > > How this bug slipped through our testing I can not explain, but it is > easily removed by doing "chmod 755 /usr/sbin/httpsd". A new rpm package > has been made availible on our ftp site. > > i586 RPM: > >ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/apache-ssl-1.3.12_1.39-7tr.i586.rpm > > SRPM: > >ftp://ftp.trustix.com/pub/Trustix/updates/1.1/SRPMS/apache-ssl-1.3.12_1.39-7tr.src.rpm > > I'll go stand in a corner with a brown paperbag over my head now... > > Humbly, > Oystein > -- > TSL developer > > ----- End forwarded message ----- -------------------------------------------------------------------------- Utk berhenti langganan, kirim email ke [EMAIL PROTECTED] Informasi arsip di http://www.linux.or.id/milis.php3 Pengelola dapat dihubungi lewat [EMAIL PROTECTED]
