Tuesday, October 11, 2005

Progress suid security problem

The SUID (Set User ID) issue seems to be one which has been detected in the past. Here's a page explaining it.

Details:

  • UNIX. There are lots of posts on the dangers of SUID/SGID.
  • Latest versions of Progress 8.3 and Progress 9.1.
  • Possible solution which they provide is to remove the suid bit from the binary but that that may compromise normal operation. My guess is that this would definitely blow functionality because the whole reason the sticky bit is set is to allow users to mod files via the database system.

0 Comments:

Post a Comment

<< Home