[Gluster-infra] Netbsd security issue (local root escalation), removed setuid flag on mail.local
Michael Scherer
mscherer at redhat.com
Fri Jul 22 16:00:30 UTC 2016
Hi,
after seeing http://akat1.pl/?id=2 (local root escalation), I removed
the setuid flag on the mail.local on all NetBSD builders that were up.
Since we are not using mail for anything, I suspect this should cause
any trouble.
For reference, I used this:
$ ansible -i /tmp/host -u root -m shell \
    -a 'chflags nouchg /usr/libexec/mail.local && chmod -s /usr/libexec/mail.local && chflags uchg /usr/libexec/mail.local' \
    all -e "ansible_python_interpreter=/usr/pkg/bin/python2.7"
with this list of hosts:
$ cat /tmp/host
[netbsd]
netbsd0.cloud.gluster.org
netbsd7.cloud.gluster.org
nbslave70.cloud.gluster.org
nbslave70.cloud.gluster.org
nbslave79.cloud.gluster.org
nbslave71.cloud.gluster.org
nbslave7c.cloud.gluster.org
nbslave72.cloud.gluster.org
nbslave7g.cloud.gluster.org
nbslave74.cloud.gluster.org
nbslave7h.cloud.gluster.org
nbslave75.cloud.gluster.org
nbslave7i.cloud.gluster.org
nbslave77.cloud.gluster.org
nbslave7j.cloud.gluster.org
However, nbslave72.cloud.gluster.org and nbslave71.cloud.gluster.org
seem to be down. I know Nigel is looking at it, so I will let him take
care of them.
--
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS
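
A check for the mitigation described in the message above, added here as an example and not part of the original mail: it confirms that a binary no longer carries setuid/setgid bits and notes whether the user-immutable flag was put back. The function names are made up for this example, and the flags column of `ls -lo` is assumed to be laid out as on NetBSD.

```shell
#!/bin/sh
# Added example (not from the original mail): verify the mitigation on a host.

# check_no_suid PATH
# Returns 0 if PATH exists without setuid/setgid bits, 1 if either bit is
# still set, 2 if PATH does not exist.
check_no_suid() {
    if [ ! -e "$1" ]; then
        echo "MISSING    $1"
        return 2
    fi
    if [ -u "$1" ] || [ -g "$1" ]; then
        echo "STILL-SUID $1"
        return 1
    fi
    echo "OK         $1"
    return 0
}

# has_uchg PATH
# Returns 0 if the BSD user-immutable flag (uchg) is set on PATH.
# Assumption: `ls -lo` prints file flags as the 5th column, as on NetBSD.
# On systems without BSD file flags this simply returns 1.
has_uchg() {
    ls -lod "$1" 2>/dev/null |
        awk '{ n = split($5, fl, ",")
               for (i = 1; i <= n; i++) if (fl[i] == "uchg") ok = 1 }
             END { exit ok ? 0 : 1 }'
}

# audit PATH...
# Checks every path given; returns non-zero if any is missing or still setuid.
audit() {
    audit_rc=0
    for p in "$@"; do
        check_no_suid "$p" || audit_rc=1
        if [ -e "$p" ] && ! has_uchg "$p"; then
            echo "NOTE       $p has no uchg flag"
        fi
    done
    return "$audit_rc"
}

# Example: sh check_suid.sh /usr/libexec/mail.local
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

The non-zero exit status from `audit` makes a host that was down during the original run easy to spot when the check is repeated later.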