Re: [suse-sles-e] Security note: Multiple vulnerabilities in Suse ksh(93)

From: Felix Schulte (felix.schulte_at_gmail.com)
Date: Tue Apr 10 2007 - 20:20:44 CEST


Message-ID: <74f15d5f0704101120v3fd30fb2lcec91df16da9fcc1@mail.gmail.com>
Date: Tue, 10 Apr 2007 20:20:44 +0200
From: "Felix Schulte" <felix.schulte@gmail.com>
Subject: Re: [suse-sles-e] Security note: Multiple vulnerabilities in Suse ksh(93)

On 4/10/07, Alexei_Roudnev <Alexei_Roudnev@exigengroup.com> wrote:
> It is not low priority, but I don't know ANYONE who allows running *sh
> without jailing or partitioning (and esp. on Linuxes - FreeBSD and
> Solaris are safer in this way).
>
> If someone has a user account on my server, I always trust him in some way.
> If I don't trust, I always jail this account (chroot, jail, and so on).
> It has been an axiom for at least 10 years now. The number of _local_
> vulnerabilities has never been 0 on any Unix / Linux (except maybe NetBSD).
IMO you're greatly underestimating the problem. Out of 37419 active
accounts at our university, 2301 use /bin/rksh as their login shell to
restrict the users for various purposes. Unfortunately these accounts
now have a gaping security hole, and even worse: it is known, it has
been published publicly, and the vendor of the OS takes no action to
fix it.

-- 
      _        Felix Schulte
    _|_|_     mailto:felix.schulte@gmail.com
    (0 0)
ooO--(_)--Ooo
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-sles-e-unsubscribe@suse.com
For additional commands, e-mail: suse-sles-e-help@suse.com
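The reply above measures exposure by counting accounts whose login shell is /bin/rksh. The following script is an added illustration, not code from the thread or from SUSE: it parses passwd-format lines and reports which accounts rely on a restricted shell, so an administrator can size the population affected when such a shell is known to be flawed. The sample passwd lines are constructed, the RESTRICTED_SHELLS set is an assumption (it generalises from rksh to other restricted-shell names, which the thread does not mention), and load_passwd is a hypothetical helper for running it against a real file.

```python
import os

# Constructed sample in /etc/passwd format; none of these are real accounts.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/rksh
bob:x:1002:1002:Bob:/home/bob:/bin/ksh
carol:x:1003:1003:Carol:/home/carol:/usr/bin/rksh
dave:x:1004:1004:Dave:/home/dave:/bin/rbash
svc:x:900:900:service:/var/lib/svc:/sbin/nologin
"""

# Assumed set of restricted-shell basenames. The thread only names rksh;
# the others are added here so the inventory is not blind to them.
RESTRICTED_SHELLS = {"rksh", "rbash", "rsh"}


def parse_passwd(text):
    """Yield (user, uid, shell) for each well-formed 7-field passwd line."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            # Malformed line: skip instead of guessing which field is the shell.
            continue
        user, _pw, uid, _gid, _gecos, _home, shell = fields
        yield user, int(uid), shell


def restricted_shell_accounts(text, shells=RESTRICTED_SHELLS):
    """Return [(user, uid, shell)] for accounts whose login shell basename
    is in `shells`. Matching on the basename catches both /bin/rksh and
    /usr/bin/rksh without hard-coding paths."""
    return [
        (user, uid, shell)
        for user, uid, shell in parse_passwd(text)
        if os.path.basename(shell) in shells
    ]


def summary(text, shells=RESTRICTED_SHELLS):
    """Return counts an admin would report: total accounts, how many depend
    on a restricted shell, and a breakdown by the exact shell path."""
    accounts = restricted_shell_accounts(text, shells)
    by_shell = {}
    for _user, _uid, shell in accounts:
        by_shell[shell] = by_shell.get(shell, 0) + 1
    return {
        "total": sum(1 for _ in parse_passwd(text)),
        "restricted": len(accounts),
        "by_shell": by_shell,
    }


def load_passwd(path="/etc/passwd"):
    """Hypothetical helper: read a real passwd file for use with summary()."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


if __name__ == "__main__":
    report = summary(SAMPLE_PASSWD)
    print(f"{report['restricted']} of {report['total']} accounts use a restricted shell")
    for shell, count in sorted(report["by_shell"].items()):
        print(f"  {shell}: {count}")
```

Run it against `load_passwd()` on a host to get the same figures for that host; on an NIS or LDAP site, feed it the output of `getent passwd` instead, since the local file will not list those accounts.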


This archive was generated by hypermail 2.1.7 : Tue Apr 10 2007 - 22:24:32 CEST