[Gluster-infra] NetBSD security issue (local root escalation), removed setuid flag on mail.local

Michael Scherer mscherer at redhat.com
Fri Jul 22 16:00:30 UTC 2016


Hi,

After seeing http://akat1.pl/?id=2 (local root escalation), I removed
the setuid flag on mail.local on all NetBSD builders that were up.
Since we are not using mail for anything, I suspect this should cause
any trouble.

For reference, I used this:

$ ansible -i /tmp/host -u root -m shell \
    -a 'chflags nouchg /usr/libexec/mail.local && chmod -s /usr/libexec/mail.local && chflags uchg /usr/libexec/mail.local' \
    all -e "ansible_python_interpreter=/usr/pkg/bin/python2.7"

with this list of hosts:
$ cat /tmp/host
[netbsd]
netbsd0.cloud.gluster.org
netbsd7.cloud.gluster.org
nbslave70.cloud.gluster.org
nbslave70.cloud.gluster.org
nbslave79.cloud.gluster.org
nbslave71.cloud.gluster.org 
nbslave7c.cloud.gluster.org
nbslave72.cloud.gluster.org 
nbslave7g.cloud.gluster.org
nbslave74.cloud.gluster.org 
nbslave7h.cloud.gluster.org
nbslave75.cloud.gluster.org 
nbslave7i.cloud.gluster.org
nbslave77.cloud.gluster.org
nbslave7j.cloud.gluster.org

However, nbslave72.cloud.gluster.org and nbslave71.cloud.gluster.org
seem to be down. I know Nigel is looking at it, so I will let him take
care of them.

-- 
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS
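
A follow-up check for the change described in the message above, as an added example that is not part of the original post: it reports whether a path such as /usr/libexec/mail.local still carries a set-id bit and, on NetBSD, whether the uchg flag is back in place. The function names are hypothetical, and the flags column position in `ls -lo` output is an assumption noted in the code.

```shell
#!/bin/sh
# Added example (not from the original message): confirm that set-id bits are
# gone from a binary, e.g. /usr/libexec/mail.local after the chmod -s above.

# Print the set-id state of one path:
# missing, clean, setuid, setgid or setuid+setgid.
setid_status() {
    if [ ! -e "$1" ]; then echo missing; return; fi
    s=""
    [ -u "$1" ] && s="setuid"
    if [ -g "$1" ]; then s="${s:+$s+}setgid"; fi
    echo "${s:-clean}"
}

# On NetBSD, report whether the user-immutable flag (uchg) is set again.
# Assumption: `ls -lo` prints the file flags in the fifth column.
uchg_status() {
    case "$(uname -s)" in
        NetBSD) ;;
        *) echo "n/a"; return ;;
    esac
    flags=$(ls -lod "$1" 2>/dev/null | awk '{print $5}')
    case "$flags" in
        *uchg*) echo "uchg" ;;
        *)      echo "no-uchg" ;;
    esac
}

# Audit every path given; return 1 if any is missing or still has a set-id bit.
audit_setid() {
    rc=0
    for f in "$@"; do
        st=$(setid_status "$f")
        printf '%s\t%s\tflags=%s\n' "$f" "$st" "$(uchg_status "$f")"
        [ "$st" = clean ] || rc=1
    done
    return $rc
}

# Run directly as: sh check.sh /usr/libexec/mail.local
if [ "$#" -gt 0 ]; then audit_setid "$@"; fi
```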

