Dear All,
Richard L Jackson Jr <rjackson_at_osf1.gmu.edu> sent a nice summary for the
symlink attack patch status on DU4.0x but another BUGTRAQ suggestion
(sorry I can't find the original message) appears to give a good temporary
fix against this hole.
Simply remove the world read permission from the offending SUID programs.
This seems to have the effect of stopping anyone forcing a core dump of
those nasty privileged programs without any obvious bad side effects.
PLEASE DON'T rush off and do this until we have a consensus as to whether
this is really a harmless way of blocking this problem. It certainly
looks better than completely disabling core dump via the kernel.
I'll send back a prompt summary when the votes are in.
All the best,
-Will
Computer Science Department | mail: W.Flett_at_dcs.rhbnc.ac.uk
Royal Holloway, University of London | talk: +44 1784 443428 (direct)
Egham, Surrey TW20 0EX, England | fax: +44 1784 439786
Received on Tue Apr 21 1998 - 12:35:56 NZST
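
An added example, not part of the original message: an audit-only sketch that lists which set-UID files are still world-readable and prints, without running, the `chmod o-r` the message proposes, so the list can be reviewed first. The function names `list_world_readable_suid` and `propose_fix` and the default directory `/usr` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit only. Nothing here changes any file mode.

# list_world_readable_suid DIR
#   Print every regular file under DIR that has BOTH the set-UID bit (4000)
#   and the world-read bit (0004) set. "-perm -4004" means "all of these
#   bits are set"; -xdev keeps the walk on DIR's own filesystem.
list_world_readable_suid() {
    dir=${1:-/usr}   # default directory is an assumption for this example
    find "$dir" -xdev -type f -perm -4004 -print 2>/dev/null | sort
}

# propose_fix DIR
#   Print (do not execute) one "chmod o-r" line per finding, so the list
#   can be reviewed before anything is changed. Paths are printed as-is,
#   for reading rather than for piping into a shell.
propose_fix() {
    list_world_readable_suid "$1" | while IFS= read -r f; do
        printf 'chmod o-r -- %s\n' "$f"
    done
}

# When called with a directory argument, print the proposed commands.
if [ "$#" -gt 0 ]; then
    propose_fix "$1"
fi
```
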