Hi, after seeing http://akat1.pl/?id=2 (local root escalation), I removed the setuid flag on the mail.local on all netbsd builders who were up. Since we are not using mail for anything, i suspect this should cause any trouble.
For reference, I used this: $ ansible -i /tmp/host -u root -m shell -a 'chflags nouchg /usr/libexec/mail.local && chmod -s /usr/libexec/mail.local && chflags uchg /usr/libexec/mail.local' all -e "ansible_python_interpreter=/usr/pkg/bin/python2.7" with this lists of hosts: $ cat /tmp/host [netbsd] netbsd0.cloud.gluster.org netbsd7.cloud.gluster.org nbslave70.cloud.gluster.org nbslave70.cloud.gluster.org nbslave79.cloud.gluster.org nbslave71.cloud.gluster.org nbslave7c.cloud.gluster.org nbslave72.cloud.gluster.org nbslave7g.cloud.gluster.org nbslave74.cloud.gluster.org nbslave7h.cloud.gluster.org nbslave75.cloud.gluster.org nbslave7i.cloud.gluster.org nbslave77.cloud.gluster.org nbslave7j.cloud.gluster.org howver, nbslave72.cloud.gluster.org and nbslave71.cloud.gluster.org seems to be down, I know nigel is looking at it, so I will let him take care of them. -- Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gluster-infra mailing list [email protected] http://www.gluster.org/mailman/listinfo/gluster-infra
