On Wednesday, October 17, 2001, at 10:23 AM, [EMAIL PROTECTED] wrote:
> First off, you shouldn't have ANYTHING out there that's SUID root except > carefully placed apps. > Secondly, in order to run the NetInfo manager, you usually have to > authenticate by clicking on that lock icon. > Once you do that, I guess your permissions "stick" for an unspecified > amount of time... > > Terminal.app should definately NOT be SUID or SGID. The exploit in question doesn't require authenticating in NetInfo Manager to use. This is a legitamate problem with SUID apps that Apple will have to address soon. There's an article on stepwise about it that has more details. Cheers, --Ed
