I have just picked up the dxconsole security fix SSRT0358 mentioned in CERT
bulletin VB-96.05.
The patch consists of a replacement binary of the setuid-root program
dxconsole, it being alleged that the original has a bug allowing users to gain
root privilege.
However the installation instructions explicitly recommend that the old
program be preserved as "dxconsole.orig", without removing the setuid bit or
taking any other precautions to make the binary inaccessible.
How does this remove any security hole it might have?
Am I missing something here?
--
Martyn Johnson maj_at_cl.cam.ac.uk
University of Cambridge Computer Lab
Cambridge UK
Received on Thu Apr 04 1996 - 11:17:29 NZST
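
The concern raised in this message, a superseded set-id binary kept under a backup name with its mode bits intact, can be checked for after any patch install. The following is an added example, not part of the original message or of the vendor's patch kit; the function names and the list of backup suffixes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for preserved backup copies of
# set-id programs (e.g. "dxconsole.orig") that still carry the setuid or
# setgid bit. Function names and the suffix list are illustrative assumptions.

# find_setid_backups DIR [find-actions...]
# Lists regular files under DIR that have the setuid or setgid bit set and
# whose name looks like a preserved backup. Extra arguments replace the
# default "-print" action.
find_setid_backups() {
    dir=$1
    shift
    [ $# -gt 0 ] || set -- -print
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) \
        \( -name '*.orig' -o -name '*.old' -o -name '*.bak' -o -name '*.save' \) \
        "$@"
}

# neutralize_setid_backups DIR
# Keeps each backup on disk for rollback, but clears the set-id bits and all
# access permissions so it can no longer be executed by ordinary users.
# Prints the path of every file it changed.
neutralize_setid_backups() {
    find_setid_backups "$1" -exec chmod u-s,g-s,a-rwx {} \; -print
}

# Typical use: run find_setid_backups on the directory the patch was
# installed into, review the list, then run neutralize_setid_backups on it.
```

Restoring a neutralized backup requires resetting its mode explicitly, which makes rollback a deliberate step rather than leaving the old binary live.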