22 Oct
2001
22 Oct
'01
10:26
Gerd Bitzer wrote:
removing the suid from newgrp was the first thing I did after reading about this weakness. I have not noticed anything negative since doing this (but I have also not generated new groups meanwhile ;-).
Well, it's "newgrp" not "groupadd". This program gives you a shell with a new gid IIRC. I think this can easily be renamed or given new permission to defeat script-kiddies. Peter