similar to: Vulnerability of suid/sgid programs using libXt

The attached patch adds an option --drop-suid which caused rsync to drop setuid/setgid permissions from the destination files. ie, even if the source file is setuid, the target file will not be. Added as we want to rsync the same files to machines both inside and outside our firewalls. For machines inside the firewall some files should be suid, for machines outside the firewalls they should

i had a small query , whant is the difference between stickybit SUID and SGID , is there any proper site where i can get a clear understanding . -- Regards Agnello D'souza -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20100709/c7c22588/attachment.html>

cxterm is a Chinese terminal emulator for the X Window System. It''s installed as suid-root by default if you did a make install. Just like xterm, it does needs to be suid to update /etc/utmp...blahblah... I discovered some buffer overflow bugs in it. The code attached below is the exploit. Quick fix? chmod -s /path/cxterm

This release is targeted for 7.2 RC2. Eric Anholt: Add more generated files to ignore. Fix .pc file with new autotools by using AC_DEFINE_DIR. git tag: libXt-1.0.4 http://xorg.freedesktop.org/archive/individual/lib/libXt-1.0.4.tar.bz2 MD5: 937735f342c046db239852fec0413f6c libXt-1.0.4.tar.bz2 SHA1: 3a7d7d390214876c925d5226ef3949b6c5bad6ce libXt-1.0.4.tar.bz2

libXt is the X Toolkit Intrinsics library used to build older generation toolkits such as Motif & Xaw. Alan Coopersmith (8): Revert "Avoid shadowing variables." If CFLAGS_FOR_BUILD is not set, include CWARNFLAGS in default value makestrs: use strchr() instead of index() makestrs: Replace malloc()+strcpy() calls with strdup() calls makestrs: Replace

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Build fixes and other minor janitorial work. Alan Coopersmith (4): Use make rules instead of shell for loops to generate shadow man pages Migrate to xorg macros 1.3 & XORG_DEFAULT_OPTIONS Replace AC_DEFINE_DIR with AX_DEFINE_DIR from Autoconf Archive libXt 1.0.7 Julien Cristau (1): Link against libICE Thomas

Alan Coopersmith (3): Get rid of some extraneous ; at the end of C source lines Update README for gitlab migration Update configure.ac bug URL for gitlab migration Benjamin Tissoires (3): Fix leaks detected by covscan dummy fix for covscan Fix covscan complain Emil Velikov (1): autogen.sh: use quoted string variables Fabrice Fontaine (1): libXt:

###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######. Secure Networks Inc. Security Advisory February 24, 1997

Hello. In the Samba by Example book theres a section called "Effect of Setting File and Directory SUID/SGID Permissions Explained", that shows an example of the effect of SUID/SGID bits. The SGID bit when setted in directories makes the files inherit the group owner, but I couldn't make the SUID bit on directories work, making files inherit the owner. The

Hi, I find that files (not directories) in an smbfs-mounted share always have the sgid bit set. I've looked in the FAQ and HOWTO but didn't see anything. I wonder if someone might suggest a way to fix it. The share is served from Windows 2003 SP2 and mounted on a Fedora 10 Linux machine (samba-client-3.2.5-0.23.fc10.i386) with this command line: mount //wcl-fp1/shared /mnt/shared -t

it's in syscall.c, not generator.c You'll have to save the status of the lstat, modify the mode in st, and return the lstat status. I don't know how to do it, though. #if SUPPORT_LINKS int do_lstat(const char *fname, STRUCT_STAT *st) { #if HAVE_OFF64_T return lstat64(fname, st); #else return lstat(fname, st); #endif } #endif Tim Conway tim.conway@philips.com

[Mod: Warning - we are hitting issues of security policy and that is not what we would like to see here --alex] Brian Koref said: > > Great input... > > As an investigator, many of the compromises I see involve systems > which are 2 to 3 years old. An old slackware box sitting on a .mil > domain, which some airman set up as a test machine. The airman gets > trasferred, and

Dear all, let consider the following function: Fun1 <- function() { library(lattice) plot1 <- 1:10~1:10 pl1 <- xyplot(plot1) return(pl1$call$x) } In R 2.5.0 (or older version) we have > Fun1() plot1 but starting from R 2.5.1 until the latest R 2.8.0 we obtain instead > Fun1() NULL because pl1$call seems to be equal to xyplot() without arguments. Something like

Hello, I'm trying to generate a log-log plot with ggplot. Within this plot, I would like to draw a straight line with the help of ggabline which does not work. The code is pl1 <- qplot(correlFunc, correlFunc.ref, data=all, log=c("xy")) pl1 <- ggabline(pl1, slope=1, intercept=0) print(pl1) ## no line in plot :( I can produce plots as I want, if I transform all values before

Hi, Recently once again an exploit for SuperProbe was posted to the bugtraq. That message was forwarded to linux-security and Rogier Wolff rejected it on the basis of the author of the SuperProbe (David Wexelblatt) comment that it was never intended to be suid. In general, there is absolutely no reason for programs that are supposed to be run only by root to be suid to root! If your

Posted on behalf of chenwj <stop4optimal at hotmail.com> who is having trouble posting. hi all, I'm completely new in R, and here are my questions (under windows): 1. i want to run my four R files (pl1.r -- pl4.r) in batch mode. i'd like to write a batch file using Rterm.exe, since i dont get perl installed on my computer. My experimental batch file (*.bat) didnt work, which

Hi All, I'm experiencing odd behaviour with various OpenGL apps I'm (trying to) use. I have an IBM Thinkpad X60s with the Intel GMA chipset, the 945GM to be precise. I have glxinfo/glxgears working normally, disabled composite in xorg.conf and everything seems fine. However, there are a few applications that I use that show rather strange behaviour that I think is related to the same

Hello, we use the SGID bit on Solaris for directories to force setting the given group from the directories above (not the primary group). If we create directories with Samba 2.0.7, the SGID bit will not set on the new directory. With Samba 2.0.6 and below all worked fine. Is there a work around or a bug fix available? Thx Sincerly yours Jochen Duemmel PS: we use Samba for a server

Dear developers, I discovered that directories created by scp when recursive copying into a sgid directory do not inherit the sgid bit. I believe this is a bug. A patch to fix this is attached. Regards, Petr Skovron -------------- next part -------------- --- scp.c.orig 2005-10-11 16:50:17.000000000 +0200 +++ scp.c 2005-10-11 16:57:25.000000000 +0200 @@ -876,8 +876,12 @@

hi all, I'm completely new in R, and here are my questions (under windows): 1. i want to run my four R files (pl1.r -- pl4.r) in batch mode. i'd like to write a batch file using Rterm.exe, since i dont get perl installed on my computer. My experimental batch file (*.bat) didnt work, which contains the following lines. however it works well when i pasted each single line to run in the