TUCoPS :: Linux :: Discontinued :: oldap2~1.txt

OpenLDAP hole






    Christian Kleinewaechter found  following.  OpenLDAP  installs the
    ud binary in $binpath with mode 775 and default group (i.e. either
    you  primary  gid   or  the  directories   gid).  Of  course   the
    consequences depend on which group this actually is.

    This was checked with 1.2.11 (latest stable), but probably also
    exists in earlier versions, since the Makefile.in is dated


    Developers have been  notified and fixed  this issue (at  least in
    the CVS tree).  So either change the mode in line

        $(LTINSTALL) $(INSTALLFLAGS) -m 775 ud $(bindir)


        $(LTINSTALL) $(INSTALLFLAGS) -m 755 ud $(bindir)

    in clients/ud/Makefile.in (resp. clients/ud/Makefile if you  don't
    use  autoconf)  or  chmod  the  executable afterwards (or maybe do
    nothing at all if "default group" is a trusted group).

    On Red Hat 6.2 as shipped, it's apparently not the case.  OpenLDAP
    shipped with all Conectiva  Linux versions does have  ud installed
    with mode  775, but  the owner  is root.root.   Linux Mandrake  is
    also clear...

    There is no problem with this package in SuSE-Linux.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH