Security advisory for removing setuid programs.

Archaic archaic at indy.rr.com
Tue Nov 25 09:34:19 PST 2003


On Tue, Nov 25, 2003 at 09:17:49PM +0500, Alexander E. Patrakov wrote:
> On Tuesday 25 November 2003 15:22, ashes wrote:
> > This is from recent kernel and coreutils mailing lists.
> 
> No, this is the correct answer to the contest conducted by Brian Hatch:

It's also from full disclosure and bugtraq. He may very well have gotten
it from any number of lists.

> I sent my reply at Fri, 14 Nov 2003 20:52:00 +0500 with exactly the same 
> scenario.

Which, if that's the answer, shows how important it is to go beyond what
a distro installs (including LFS, BLFS) and to learn security practices
(like moving /home to another partition), not just keeping packages up
to date.

CC'ing to lfs-security as it seems to be beyond the scope of the book.
(Which makes me wonder if there would be any support for creating an SLFS
book that went through and systematically hardened an LFS/BLFS system
step-by-step.)

-- 
Archaic

I cannot undertake to lay my finger on that article of the Constitution
which grant[s] a right to Congress of expending, on objects of
benevolence, the money of their constituents.

- James Madison, 1794



