Dependency reciprocity : real world problem with httpd and httpd-suexec
linux_4ever at yahoo.com
Tue Sep 7 23:47:35 UTC 2004
>>If you download a package from a 3rd party that has buffer overflows and
>>is setgid, you now have a buggy program with buffer overflows running as root.
>Not sure about that - it should certainly not set the setuid bit
You don't need the setuid bit of root to start with. The setgid bit of root is
just enough wiggle room on most systems to compromise the whole thing in a few
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
More information about the devel