Hi there,
A set of security vulnerabilities has been found in the current (as well
as older) versions of glibc, the C library that most modern Linux
distributions are based on.
All vendors (also those who have provided patches already) are currently
working on fixed packages.
Interim solution to the security problems: Disable _all_ sgid + suid
applications on the system.
Before doing that, make sure that you know all file modes of your programs
so that you will be able to restore them upon completing the glibc update
procedure to be announced shortly: Record the relevant settings of your
permissions as follows (command to be executed as root):
find / -type f \( -perm +4000 -o -perm +2000 \) -ls > /find-suid-ls
-------------------------------
In order not to be vulnerable to the known security problems of glibc, it
would be necessary to remove all suid/sgid bits from your applications.
This can be done in a fairly easy way using variations of the above
find command such as: `find / -type f \( -perm +4000 -o -perm +2000 \) -exec chmod -s {} \;'
Make sure that SuSEconfig (and `chkstat' therein) cannot be executed
accidentally, because the permissions would get reverted to the original
(flawed) settings. Yast executes SuSEconfig after the package set
configuration has been changed (after packages have been installed)!
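The record / disable / restore cycle described above, written out as an added shell example (it is not part of the original message or of SuSE's tooling). It assumes GNU findutils (`-printf`, `-xdev`, `-maxdepth`) and runs against a constructed temporary directory tree instead of `/`. Two details differ from the one-liners above on purpose: `-perm +4000` is no longer accepted by current GNU find (use `-perm /4000` or, as here, the single-bit form `-perm -4000`), and the recorder stores octal modes rather than `find -ls` output, because `-ls` prints the mode symbolically (`-rwsr-xr-x`), which is awkward to feed back into `chmod` when restoring.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes GNU find.
# The demo tree, file names and modes below are constructed for illustration.

# Record "OCTAL_MODE PATH" for every setuid/setgid regular file under $1 into $2.
# -xdev keeps the walk on one filesystem (no /proc, no NFS mounts).
record_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -printf '%m %p\n' > "$2"
}

# Interim workaround from the message: clear both bits on every match.
# The predicate is identical to the recorder's, so nothing is stripped unrecorded.
strip_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec chmod -s {} +
}

# Reapply the recorded modes once the fixed packages are installed.
# "read -r mode path" keeps paths containing spaces intact.
restore_special_bits() {
    while read -r mode path; do
        chmod "$mode" "$path"
    done < "$1"
}

# Number of setuid/setgid regular files under $1 (check after each step).
count_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) | wc -l | tr -d ' '
}

# Octal mode of a single file, e.g. 4755.
mode_of() {
    find "$1" -maxdepth 0 -printf '%m\n'
}

# Build a throwaway tree with one suid, one sgid and one plain file; print its path.
demo_setup() {
    demo=$(mktemp -d)
    mkdir -p "$demo/bin" "$demo/sbin"
    printf '#!/bin/sh\n' > "$demo/bin/suid-tool";  chmod 4755 "$demo/bin/suid-tool"
    printf '#!/bin/sh\n' > "$demo/sbin/sgid-tool"; chmod 2755 "$demo/sbin/sgid-tool"
    printf '#!/bin/sh\n' > "$demo/bin/plain-tool"; chmod 0755 "$demo/bin/plain-tool"
    printf '%s\n' "$demo"
}

# Full cycle on the constructed tree: record, strip, verify, restore, verify.
demo_run() {
    d=$(demo_setup)
    record_special_bits "$d" "$d/find-suid-ls"
    echo "recorded: $(count_special_bits "$d") special files"
    strip_special_bits "$d"
    echo "after strip: $(count_special_bits "$d") special files"
    restore_special_bits "$d/find-suid-ls"
    echo "after restore: $(count_special_bits "$d") special files," \
         "suid-tool mode $(mode_of "$d/bin/suid-tool")"
    rm -rf "$d"
}

demo_run
```

On a real system the recording file should be kept somewhere the update cannot touch (and off the stripped filesystem if it is later remounted), and the restore should be run only after the fixed glibc packages are installed, since running it earlier simply reinstates the exposure the workaround removed.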
A solution like this might not be applicable to most installations in the
wild. The update packages (to be released shortly) are the right solution
in this case. Please follow the instructions in the security advisory to
come.
Thank you,
Roman Drahtmüller.
--
| Roman Drahtmüller