Hi Rene,

> Excuse-me sir, I reformulate:
> turning off suid privileges prevents users from being authenticated
> outside admin console.
>
> So how did you test it?
> Did you really test it?

Geeee ... no, I exclusively post only half cooked and untested ideas to mailing lists. ;o)

Seriously: I tested it the usual way: "chmod 755 /usr/lib/authenticate" the first minute I saw the report on bugtraq. I then tested the admin interface and an htaccess protected web folder on that server and they still worked fine.

I then implemented the fix on all my RaQs and even though some of the boxes host up to 75 domains of various customers there have been no complaints yet - in two or three weeks? Around that figure.

So for all *my* usual purposes and that of my webhosting customers nothing is broken. As said: Nobody around here uses Frontpage and if they did then I'd say: "Not my problem - this ain't a Mickeysoft server!"

Anyway, what's the problem? You can always go back by setting the SUID bit on /usr/lib/authenticate if the fix doesn't work for you <shrug>.

--
With best regards,

Michael Stauber
[EMAIL PROTECTED]
Unix/Linux Support Engineer

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
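
The remove-and-roll-back procedure described in the message above, as an added example that is not part of the original post: it records the file's mode before clearing the setuid bit so the rollback restores exactly what was there. It uses `chmod u-s` instead of the post's `chmod 755` so the other permission bits are left untouched; the state directory, the function names and the use of GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example. Usage (as root): drop_suid /usr/lib/authenticate
#                                 restore_mode /usr/lib/authenticate
# STATE_DIR is a hypothetical location for the recorded modes.
STATE_DIR="${STATE_DIR:-/var/tmp/suid-state}"

# Succeeds if the file carries the setuid bit.
has_suid() { [ -u "$1" ]; }

# Octal mode of a file (GNU stat syntax; an assumption about the platform).
file_mode() { stat -c '%a' "$1"; }

# Path of the state file that remembers a target's original mode.
state_file() {
    printf '%s/%s.mode\n' "$STATE_DIR" "$(printf '%s' "$1" | tr '/' '_')"
}

# Record the current mode once, then clear only the setuid bit.
drop_suid() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 2; }
    has_suid "$f" || { echo "no setuid bit on $f, nothing to do" >&2; return 0; }
    mkdir -p "$STATE_DIR" || return 1
    sf=$(state_file "$f")
    # Never overwrite an earlier record, or the rollback would lose the SUID mode.
    [ -e "$sf" ] || file_mode "$f" > "$sf" || return 1
    chmod u-s "$f" || return 1
    # Verify the change took effect instead of trusting chmod's exit code.
    ! has_suid "$f"
}

# Put back exactly the mode that was recorded before the change.
restore_mode() {
    f=$1
    sf=$(state_file "$f")
    [ -r "$sf" ] || { echo "no recorded mode for $f" >&2; return 2; }
    chmod "$(cat "$sf")" "$f" && rm -f "$sf"
}
```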
