Date: Thu, 11 Nov 2004 15:40:30 -0800
From: "Anthony D. Urso" <>
Subject: Re: iSEC advisory about binfmt_elf

I have a kernel mod here:

... that allows binaries requiring RAW or PACKET sockets to be setgid
a configurable group instead of being setuid root.

It might save you some effort.

On Thu, Nov 11, 2004 at 08:58:26PM +0300, Solar Designer wrote:
> Yes, this does reduce the impact.  Especially if you ensure there're
> no SUID root binaries; on a default install of Owl (with tcb), it's
> sufficient to do:
> 	control ping wheelonly
> 	control traceroute wheelonly
> There're no other publicly-accessible SUID-roots by default.
> (And we're planning to deal with at least traceroute before the next
> release such that it won't require SUID root anymore.)


 PGP Key ID: 0x385B44CB
 Fingerprint: 9E9E B116 DB2C D734 C090  E72F 43A0 95C4 385B 44CB
    "Maximus vero fugiens a quodam Urso, milite Romano, interemptus est"
                                               - Getica 235
