> > Are the following steps enough to prevent me? > > > > # for user in user1 user2 .... ; do > > mkdir -p ~$user/lib ~$user/usr/lib ~$user/etc > > chflags sunlink,schg ~$user/lib ~$user/usr ~$user/usr/lib ~$user/etc > > done > > # > > Yes that should be sufficient workaround.
I'd modify that to also check that the directories don't already exist, and delete/rename them if they do. Currently, (if you ignore error messages) your script will not fix users who already potentially exploit the issue. Cheers, Jamie _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
