Bug#298169: mpg321 is setuid root and can be used to overwrite arbitrary files using -w

2005-03-05 Thread Justin Pryzby
It's not s[ug]id anything on the three machines I just checked. Are you sure you didn't set that bit yourself?
Justin
On Sat, Mar 05, 2005 at 02:15:46AM -0800, Chris Wedgwood wrote:
> Package: mpg321
> Version: 0.2.10.3
> Severity: critical
> Tags: security
>
> mpg321 is installed setuid root pr

Bug#298169: mpg321 is setuid root and can be used to overwrite arbitrary files using -w

2005-03-05 Thread Chris Wedgwood
Package: mpg321
Version: 0.2.10.3
Severity: critical
Tags: security
mpg321 is installed setuid root probably to do scheduler magic or whatever (didn't check). Anyhow, this means you can invoke it using "mpg321 -w /etc/passwd foo/mp3" or whatever. For now I would suggest we remove the suid bit (c