Josip Rodin wrote:
> On Thu, Sep 12, 2002 at 06:28:14PM +0200, Marco van Berkum wrote:
> > By default xbreaky is installed as suid and can be abused to overwrite any
> > file on the filesystem, by any user.
>
> I used to maintain the Debian package of xbreaky, and it never had any
> setuid bit set, especially not setuid root. So, to spell it out,
> Debian is not vulnerable to this problem.
Neither is NetBSD so it seems.
OpenBSD 3.0's tree installs it as suid though. So does source install of course.
Cheers,
Marco van Berkum
--
find / -user your -name base -exec chown us:us {}\;
----------------------------------------
| Marco van Berkum / MB17300-RIPE |
| m.v.berkum@obit.nl / http://ws.obit.nl |
----------------------------------------
