[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Group-writable executable in OpenLDAP

Title: Group-writable executable in OpenLDAP
Released by: Dr. Christian Kleinewaechter
Date: 26th October 2000
Printable version: Click here
OpenLDAP installs the ud binary in $binpath with mode 775 and default

group (i.e. either you primary gid or the directories gid). Of course the

consequences depend on which group this actually is. This was checked with

1.2.11 (latest stable), but probably also exists in earlier versions,

since the Makefile.in is dated 1/14/1999. Developers have been notified

and fixed this issue (at least in the CVS tree). So either change the mode

in line



  $(LTINSTALL) $(INSTALLFLAGS) -m 775 ud $(bindir)



to



  $(LTINSTALL) $(INSTALLFLAGS) -m 755 ud $(bindir)



in clients/ud/Makefile.in (resp. clients/ud/Makefile if you don't use

autoconf) or chmod the executable afterwards (or maybe do nothing at all

if "default group" is a trusted group).



---------------------------------------------------------------------------

 Dr. Christian Kleinewaechter

 Universitaet Bielefeld

---------------------------------------------------------------------------

                    Wieviel Prozent hat ein Bit?








(C) 1999-2000 All rights reserved.