i386/575: /sbin/ping world-executable
>Number: 575
>Category: i386
>Synopsis: despite being in /sbin (security reasons?) ping is a+x
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bugs
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Aug 15 01:00:02 MDT 1998
>Last-Modified:
>Originator: abyss
>Organization:
Translucent Truths
net
>Release: OpenBSD i386 2.3 almost-current
>Environment:
System : OpenBSD 2.3
Architecture: OpenBSD.i386
Machine : i386
>Description:
/sbin/ping is world-executable, meaning that joe user can ping flood
or whatever. It is normal for other OS's to allow ping for everyone,
but this appears to be a bug due to ping being in /sbin, rather than
/bin or /usr/bin.
>How-To-Repeat:
Become a user in i386 OpenBSD 2.3, and call /sbin/ping.
>Fix:
chmod o-x /sbin/ping
>Audit-Trail:
>Unformatted: