Re: wrong group set when sftp
From: Darren Tucker (dtucker_at_zip.com.au)
Date: 05/30/05
- Previous message: security security: "Re: wrong group set when sftp"
- In reply to: security security: "Re: wrong group set when sftp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 30 May 2005 23:34:37 +1000 To: security security <security.intrusion@gmail.com>
security security wrote:
> yes, you're right. it was set guid and set uid
>
>>ls -l
> -rwsr-sr-x 1 root root 167805 May 19 09:29 sftp-server
>
> When changed setguid and setuid to x, everything seems to be ok. The
> user and group id's are correct in /proc/pid/status.
The next question is: how did it get that way? The main distribution
definitely doesn't install sftp-server with those permissions. If it
came out of a vendor package like that way then it's a serious bug which
you ought to report to the vendor. If not then you have someone
creating setuid binaries on your system which is usually bad news...
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- Previous message: security security: "Re: wrong group set when sftp"
- In reply to: security security: "Re: wrong group set when sftp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
