Special thanks to
Stephen LaBelle <labelles_at_mscd.edu>
Richard L Jackson Jr <rjackson_at_portal.gmu.edu>
who replied with the following....
Patch kit #7 is now available. It may be easier to install the patch kit
than change permissions. Visit
ftp://ftp.service.digital.com/public/osf/v4.0b
I will check this out later today.
Thanks again,
Britt
Britton Johnson writes:
>
>
> Hello gurus,
> This thread has been wrapped up very neatly, but I had one more
> question. Please forgive any "cluelessness" in advance. The consensus
> was that Yes, removing other read permissions looks like it works and
> no one has seen any negative effects... however, is it just read access one
> should remove or should I also remove other execute access? Like I said,
> I'm somewhat new to this and was trying to be perfectly clear.
>
>
> > > I contacted Digital CSC and was informed there may not be a patch for
> > > Digital UNIX 4.0B at this time but the engineer suggested a workaround.
> > > Basically, turn on Enhanced C2 security and disable the
> > > creation of core files [ ... ]
> >
> > For those who feel this may be a little too drastic, or otherwise
> > inconvenient, you might simply want to remove "other" read permission on
> > your SUID binaries. As it happens, a program won't dump core if the user
> > can't read the binary.
>
Received on Thu May 14 1998 - 16:39:08 NZST
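
An added example, not part of the original thread: a POSIX shell sketch of the permission workaround quoted above, which lists set-UID files that "other" can read and strips only that read bit. The function names are hypothetical and the flags assume a find that supports -xdev and symbolic -perm tests.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes file names without embedded newlines.

# list_suid_other_readable DIR
#   Print regular set-UID files under DIR that "other" can read.
#   -xdev keeps the walk on one filesystem (skips NFS and other mounts).
list_suid_other_readable() {
    find "$1" -xdev -type f -perm -4000 -perm -0004 -print 2>/dev/null
}

# strip_other_read DIR [apply]
#   Dry run by default: prints the chmod it would run for each file.
#   With "apply" as the second argument the change is made.
#   Only o-r is applied, so the set-UID bit and every execute bit
#   stay as they were and the program can still be run by "other".
strip_other_read() {
    dir=$1
    mode=${2:-dry-run}
    list_suid_other_readable "$dir" | while IFS= read -r f; do
        if [ "$mode" = apply ]; then
            chmod o-r "$f" && echo "changed: $f"
        else
            echo "would run: chmod o-r $f"
        fi
    done
}

# Typical use, reviewing the dry-run output first:
#   strip_other_read /usr/bin
#   strip_other_read /usr/bin apply
```

Keep the dry-run output as a record of the original modes in case a change has to be reverted.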