AW: [suse-security] is it OK to disable newgrp
Hello Bob, removing the suid from newgrp was the first thing I did after reading about this weakness. I have not noticed anything negative since doing this (but I have also not generated new groups meanwhile ;-). Hello, I was wondering: while SuSE are working on the fixes to these latest kernel problems is it sensible to remove suid privilege from newgrp? What functionality would be lost? I realise that newgrp is not the culprit and that disabling it would not properly fix the problem, but it should be a useful protection against script kiddies. Bob ============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691 -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Gerd Bitzer wrote:
removing the suid from newgrp was the first thing I did after reading about this weakness. I have not noticed anything negative since doing this (but I have also not generated new groups meanwhile ;-).
Well, it's "newgrp" not "groupadd". This program gives you a shell with a new gid IIRC. I think this can easily be renamed or given new permission to defeat script-kiddies. Peter
participants (2)
-
Bitzer,Gerd
-
Peter Wiersig