Any time you allow a user to execute a program with more permissions than the user has, if that program allows for shell escapes or has a buffer overflow or reads files the user can write to and executes commands based on those. Then you have a vulnerability.
You can mitigate this class of vulnerability by mounting some filesystems nosuid ; but this only works if there is no publicly available wrapper program like suidperl (for instance). you can't do this to / /bin or /usr/bin and the like but since regular users are prevented from writing there, they shouldn't be able to append their own code to those binaries. You can scan for suid programs (there are a couple of necessary ones) find /usr/bin/ -perm 4555 -print will give a list of some of the more common ones _______________________________________________ EUGLUG mailing list [EMAIL PROTECTED] http://www.euglug.org/mailman/listinfo/euglug
