> > well I have gone through the Security HOWTO ... was just going through the
> > code Kiran had posted as a S.Hole in Red Hat Linux and was wondering is there
> > a workaround for it?
>
> Workaround wot? Either modify the source code or get the updates from
> redhat. That's the only workaround.

He must have been referring to the actual workaround within the userhelper
code. There are two methods I see to this:

1. Disallow execution of any commands with double-dots in the file name
(this was the method used by the code).
2. Check that the file you are executing is owned by root.

Both the methods used together account for better security.

Everybody: There is an update available to the userhelper program. Download
the usermode package from ftp://updates.redhat.com/6.1


Kiran Jonnalagadda
http://lunateks.com
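
The two checks listed in the message above, combined in one routine. This is an added example, not the userhelper source or code from the original post; the function name `check_exec_target` and the status codes are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum target_status {
    TARGET_OK = 0,
    TARGET_DOTDOT,          /* name contains ".." */
    TARGET_OPEN_FAILED,     /* could not open or stat the file */
    TARGET_NOT_REGULAR,     /* directory, device, FIFO, ... */
    TARGET_NOT_ROOT_OWNED   /* st_uid != 0 */
};

/* Hypothetical helper. On TARGET_OK with fd_out non-NULL, *fd_out holds an
 * open descriptor for the file that was checked; otherwise nothing is left open. */
enum target_status check_exec_target(const char *path, int *fd_out)
{
    struct stat st;
    enum target_status rc = TARGET_OK;
    int fd;

    /* Method 1: refuse any name containing a double dot. */
    if (path == NULL || strstr(path, "..") != NULL)
        return TARGET_DOTDOT;

    /* Open first and fstat() the descriptor, so the ownership check is made
     * on the opened file and not on whatever the name points to later. */
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return TARGET_OPEN_FAILED;

    if (fstat(fd, &st) != 0)
        rc = TARGET_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        rc = TARGET_NOT_REGULAR;
    else if (st.st_uid != 0)        /* Method 2: file must be owned by root. */
        rc = TARGET_NOT_ROOT_OWNED;

    if (rc == TARGET_OK && fd_out != NULL)
        *fd_out = fd;               /* caller takes ownership of the descriptor */
    else
        close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <path>\n", argv[0]); return 2; }
    printf("%s: status %d\n", argv[1], (int)check_exec_target(argv[1], NULL));
    return 0;
}
```

A caller that wants the check and the execution to refer to the same file can pass the returned descriptor to `fexecve()` instead of executing by name.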


To subscribe / unsubscribe go to the site www.ilug-bom.org, click on the mailing list
button, fill in the appropriate information
and submit. For any other queries contact the ML maintainer.
