Check these out, and see if you are left with any more-specific questions: http://www.securityfocus.com/advisories/6599
http://www.securityfocus.com/advisories/6584 http://www.securityfocus.com/advisories/6513 http://www.securityfocus.com/advisories/6450 This older vuln-dev message pertains also. The author, Cripin Cowan, works up near Portland and is part of the C.R.I.M.E. group up there: http://www.securityfocus.com/archive/82/163951 The gist of it is that many programs must have some amount of root-level capabilities to function properly, which can allow for an exploit involving said program to allow the user to become root, by the same means that the program takes root privileges... shouldn't happen, but it can. This is only a real problem on a shared-but-inaccessible system. If you are the only user, or if every user has physical access to the machine, then it is sort of a moot point, since it is trivial to boot knoppix or similar and reset the root password, or do anything on that system (as root or otherwise). It matters most for things like a simple pop-mail server. All too many are setup so that pop users can actually login, which is usually not desirable for exactly these reasons -- *and* especially a concern in that situation, since pop passwords are usually flying around the 'net in plaintext, where they can be grabbed and tested for shell login on the host... if someone bad found that, then you'd have an intruder looking for their setuid exploit, to root the mailserver. (as an example) Hope this helps, Ben On Thu, 29 Apr 2004 14:20:31 -0700 Rob Hudson <[EMAIL PROTECTED]> wrote: | I see some security warnings about local users can gain root via a | setuid exploit... | | There is a bug in [package] which may allow local users to gain root | via a setuid file... | | How does this work? _______________________________________________ EUGLUG mailing list [EMAIL PROTECTED] http://www.euglug.org/mailman/listinfo/euglug
